cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
erebus
Level 9
Report Inappropriate Content
Message 1 of 3
‎12-26-2017 07:19 AM

Different dates showing for same event?

I'm using ePO 5.9.1 and had a threat event show up that listed different dates and times.  Normally I just see one date listed so this seemed odd to me.  I contacted McAfee support to see why multiple dates would show up they referred me to the help files with ePO.  I explained again that it was 3 different dates which seemed odd, and they said I would find the answers in the help files.

Here is essentially what I'm seeing when I look at the date/time details of the threat event. 

Event Generated Time: Date/Time X

Preferred Event Time: Date/Time X

Analyzer Content Creation Date: Date/Time Y

Target Modify Time: Date/Time Z

Target Access Time: Date/Time Z

I can find "Event Generated Time" and "Preferred Event Time" in the Help, but it has nothing about "Analyzer Content Creation Date", Target Modify Time" or "Target Access Time". 

So my questions are:

1. What are "Analyzer Content Creation Date", Target Modify Time", and "Target Access Time".

2. Why would there be 3 different dates listed? 

1 person had this problem.
0 Kudos
Reply
2 Replies
jaydxt01
Level 9
Report Inappropriate Content
Message 2 of 3
‎01-02-2018 11:33 PM

Re: Different dates showing for same event?

"Analyzer Content Creation Date" is the DAT/Signature Creation Date

If the ENS has triggered the threat event then it means when was the AMCore Content which is there on the node is created.

"Target Modify Time": Time when the object for which threat event is triggered is modified on the client machine.

"Target Access Time": Time when the object for which threat event is triggered is accessed on the client machine.

"Target Access Time" will always be before "Target Modify Time"

Hope this helps.

Regards,

Ajaykant Jha

0 Kudos
Reply
erebus
Level 9
Report Inappropriate Content
Message 3 of 3
‎01-03-2018 06:50 AM

Re: Different dates showing for same event?

The "Analyzer Content Creation Date" makes sense, but the "Target Access Time" and "Target Modify Time" are the same (which maybe isn't a big deal).  Also the "Event Generated Time" and "Preferred Event Time" are the same to each other, but different from the "Target Access Time" and "Target Modify Time".  I thought event and time and target time would be at least close to each other, but these are months apart. 

Analyzer Content Creation Date:

11/8/17 3:35:02 AM CST

Event Generated Time:

12/7/17 7:13:24 AM CST

Preferred Event Time:

12/7/17 7:13:24 AM CST

Target Modify Time:

9/29/17 3:43:19 AM CDT

Target Access Time:

9/29/17 3:43:19 AM CDT

Target Create Time:

9/29/17 3:43:19 AM CDT

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC