After discovering the event.log was binary-- but the file would seemingly load up fine in notepad, or notepad++.. I discovered the file was actually in a different character set called UCS-2 LE, which according to (http://docs.splunk.com/Documentation/Splunk/4.1/Admin/Configurecharactersetencoding) maps to the utf-16le characterset- that I had to specify that in the props.conf on the forwarder.
[monitor://C:ProgramDataMcAfeeHost Intrusion PreventionEvent.log]
index=
disabled = 0
sourcetype = hipsfw
followTail = 1
in props.conf (still on forwarder)
[hipsfw]
NO_BINARY_CHECK = true
CHARSET = utf-16le