Couldn't find anything but I'm sure someone has seen it. Basically, I have a few (four) events with a future Detected date (e.g. 2154-04-12). 3 of these are VirusScan events and one of them is a HIPS event.
So my first question is, I'm guessing the timestamp comes from the server's timezone. But that is only an assumption and I can't perform a test on production data.
The second question is: does anyone know how 'event integrity' works with HIPS? I may just post a separate discussion, but just curious if anyone had anything. For example, I can see plain-text XML files in the events folder. These XML files sometimes have HIPS event information; is that how the HIPS events are sent over the wire? Or does the XML file act more as a 'header' of sorts for the encrypted pkg files?