EnableSupersededEval
In normal conditions, superseded patch fixlets have their relevance always evaluated to
not relevant
. This freezes the ETL logic for
PR::PatchResult
to the
previous
patch results or to return unknown status when a patch fixlet becomes superseded. In a
client setting when BESClient_WindowsOS_EnableSupersededEval
is set to
1, the superseded patch fixlet do not auto evaluate to not
relevant
.
Unpatched computer with setting enabled.
Scenario A: When the computer applies patch_a
patch_a result in console: not relevant
patch_a result in sca: not applied
patch_b result in console: relevant
patch_b result in sca: not applied
vuln_x result in sca: vulnerable
vuln_y result in sca: vulnerable
By applying the superseded fixlet, from both patch results view and vulnerability results view, Compliance becomes incorrect.
Scenario B: When the computer applies patch_b
patch_a result in console: not relevant
patch_a result in sca: not applied
patch_b result in console: not relevant
patch_b result in sca: applied
vuln_x result in sca: not vulnerable
vuln_y result in sca: not vulnerable