Security Controls can also scan for 'effectively installed patches.' A common case is when you install a single patch that replaces other patches. In this circumstance, the patches that were not installed but that have been replaced by the newer patch are considered effectively installed since you have at least the expected file version or greater for each of the files. For example, suppose you install a new Windows machine and then install a patch that replaces 20 earlier patches. While you've only 'installed' one patch, you've effectively installed 20 other patches.