need help in ESI's comparative log-view

about ESI's comparative log-view

Hello,
I am very interested in the integrated version of ESI.
its features like log comparing, rootkit revealing, all sound so good to me.
I installed ess4 and tried the log comparing feature. Its very nice but still has some rough edges.

eg , some of the search results can not be sorted properly.

2008 - next to 1980
and after clicking the result item, nothing happened, which is supposed to take user to correspondent entry in the tree view.







the icon legend in the lower left corner indicates that "+" means added item
but what has been added in this view?
IMO if the "+" represents something here, it maybe used like this:
..............: + 10Mb (to 223M) or - 10Mb(to 223M)
Local Time: + 6 mins (to xxxx-xx-xx xx:xx:xx)







this is not the only less meaningful item.

if this entry has nothing to show why mark it red?





would anyone kindly tell me how ESI decide which file is safe.

in this case, i suppose sxs.dll is more system related than a .net lib but it's been marked as unknown.
(is it because my system is the chinese version of xp? )







finally,

i think a [Go to File] function is 1000% welcomed.
there are always files that someone's not so familiar.
even if the log is not generated on his computer he can use the presence of that file on his machine as reference to its validity.

any idea?