We are seeing Installer evidence on a RHEL system that is listed as Uninstall within Raw Evidence Type. It is getting mapped to a product and are curious what this means in reference to RHEL. Where is it picking this type of evidence up from on a RHEL system?
‎Nov 08, 2022 01:29 PM
Uninstall raw evidence type is on the dark side, few or not documented. In principle, trace on uncomplete unsinstall action.
On windows, often remaining key in registry.
On Unix, not clear but uncommon. I suggest to have to a look on all raw file evidences, on the device via UI. If nothing, you have to have a look on the device it-self.
‎Nov 09, 2022 04:48 AM
Most installer evidence on an RHEL system is likely to come from the RPM (RedHat Package Manager) database.
The specific evidence you're looking at here is related to IBM DB2, so it is possible in this instance that it has been gathered based on output from running the db2licm license management tool.
‎Nov 24, 2022 10:45 PM