False alert generated 5 days in the future

There is a Light Gateway installed on the DC. The DC is a virtual machine.

If I check the DC event logs, System, and sort by date descending, there are no logs timestamped in the future. The last reboot according to this log was 24 Jan, and I have continuous logs since that date which shows the machine has always been up and running. The current time in the server is correct. If I filter on source: Kernel-General, Event ID 1 ("the system time has changed"), the last time the time was changed was 24 Jan, and that was a microsecond correction. If I look at the events 17 Feb 02:00 - 04:00, I have some for 02:05:25 but that's just normal Windows activity: Group Policy applying, "The Network Connectivity Assistant service entered the stopped state.", "The Windows Update service entered the running state.", "The Portable Device Enumerator Service service entered the running state.", "The Portable Device Enumerator Service service entered the stopped state."

If I check the Gateway-Errors log on the DC, the only entry on 17 Feb is at 18:05, and it's unrelated.

If I check the Gateway-Resolution log, I can find the alerting computer in there, and the records around the timestamp for it are 17 Feb 02:04:39 and 02:10:07, both "Resolved using RPC NTLM". This repeats every few minutes.

I can't find any record that would cause this alert with this timestamp, and the DC has always had the correct time, and it has been up and running continuously with no time change since 24 Jan.

Where does the "End Date" value come from on the detail download? It does not match the timestamp of the latest event on the Network Activities tab.