View Expected vs Detected Values for Compliance Rules (CCE) in SanerNow CVEM When a Benchmark is Set and Marked Non-Compliant

Modified on Fri, 30 May at 12:07 PM

This guide helps you understand how to identify what value Saner CVEM is expecting and what it actually found on the system for a compliance rule (CCE), when a device is marked Non-Compliant after applying a benchmark.


  • Go to the Saner CVEM console.

  • Select your Organization, then go to your Account.

  • Navigate to:
    Devices > [Select your device] > Misconfigurations > Compliance Details

  • Find the rule (CCE ID) marked as non-compliant in the list.

  • Click the Evidence icon next to the CCE.


 What You’ll See in the Evidence View

FieldDescription
CCE IDCompliance rule identifier (e.g., CCE-97507-8)
Rule DescriptionWhat the rule checks (e.g., specific registry setting)
Registry Hive/Key/NameLocation in the system being evaluated
Expected ValueThe value the benchmark policy requires
Detected Value / StatusActual system value or key presence status


CCE-97532-6

  • Expected: RequireSignOrSeal = 1

  • Detected: 1

  • Compliant

 CCE-97507-8

  • Expected:

    • fPromptForPassword = 1

    • UserOption = 0

  • Detected:

    • fPromptForPassword → Key missing

    • UserOption = 1

  • Non-Compliant


To export all CCE evidence:

  • Navigate to Compliance Details

  • Click the CSV icon at the top-right corner



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article