A saved copy of an operating environment (operating system, essential utilities, up-to-date policy settings, etc.) that is known to be free of malware and can be trusted. The known-good software may be used to replace the existing environment before patches or updates are installed. After the updates are carefully tested and everything is running smoothly, the environment is saved again.
Using known-good software provides an unbroken chain of original software devoid of accidental modifications that may be caused through day-to-day operations. See known-good die