@leo Regarding the Secure Time Heuristic issue, I'd think the requirement for that to be enabled by default would be that there is a validation that the server one pulls a timestamp out of the ssl packet from happens to be an IIS server. #SN936 #SecurityNow