Home
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
BigFix Compliance Analytics User Guide
BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
Patch Domain
EnableSupersededEval

Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
- BigFix Compliance Analytics Setup Guide
- BigFix Compliance Analytics User Guide
  BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
  - Introduction
  - General Usage Concepts
  - Management Tasks
    The following management tasks can be performed if you have appropriate permissions.
  - Security Configuration Reporting
  - Patch Domain
  - Vulnerability Domain

EnableSupersededEval

In normal conditions, superseded patch fixlets have their relevance always evaluated to not relevant. This freezes the ETL logic for PR::PatchResult to the previous patch results or to return unknown status when a patch fixlet becomes superseded. In a client setting when BESClient_WindowsOS_EnableSupersededEval is set to 1, the superseded patch fixlet do not auto evaluate to not relevant.

If patch_a that addresses vuln_x and is superseded by patch_b which also addresses vuln_y.

Unpatched computer with setting enabled.

Scenario A: When the computer applies patch_a

patch_a result in console: not relevant

patch_a result in sca: not applied

patch_b result in console: relevant

patch_b result in sca: not applied

vuln_x result in sca: vulnerable

vuln_y result in sca: vulnerable

By applying the superseded fixlet, from both patch results view and vulnerability results view, Compliance becomes incorrect.

Scenario B: When the computer applies patch_b

patch_a result in console: not relevant

patch_a result in sca: not applied

patch_b result in console: not relevant

patch_b result in sca: applied

vuln_x result in sca: not vulnerable

vuln_y result in sca: not vulnerable