There are a few ways to manage how a file download attempt is treated when it is also being analyzed by Zscaler Cloud Sandbox. Have you reached out to Zscaler Support via https://help.zscaler.com/submit-ticket on this case yet? If not, I would encourage that as they would be best equipped to troubleshoot the cases you have experienced and provide feedback on how to optimize your policy.
In short though, a file is generally analyzed by Cloud Sandbox only if it has never been seen before, has passed other security engines already without a clear verdict, and only if it is suspicious in nature. In your case, it seems that the file was temporarily quarantined, and after that, the dynamic link had expired. If that is the case, the user may need to re-authenticate the download request. If it is the same file, it will not be held a second time, and should be available for download, assuming it was not found malicious.
It is also possible to set granular policy on how to treat files that are being analyzed in Sandbox for the first time. Read more here https://help.zscaler.com/zia/configuring-sandbox-policy for the “First-Time Action”. Let us know if this helps.