Create Isolation Rollback Job

You can create isolation rollback job for the vulnerabilities of the respective assets that are already isolated. 

If an asset is higly vulnerable, and a patch is available for the isolated device, Qualys recommends to first deply the patch on the asset and then rollback the isolation. This addresses the vulnerability and safely adds the asset back to the network.

Navigate to the VMDR > Vulnerabilities tab and select the QID to rollback. From the Quick Actions menu, click View Risk Elimination. You are redirected to the Isolation > Eliminations tab. Click Rollback Isolation. 


On the Rollback Asset Isolation window, click Continue. 

On the Create: Windows Isolation Rollback Job window, perform the following steps: 

1. Basic Information
2. Select Assets
3. Schedule
4. Job Access
5. Review and Confirmation 

1. Basic Information

   Enter a job title and description of the job in the respective fields and click Next.

2. Select Assets

   The selected asset is automatically displayed on the screen. Click Next.

    Important to Know           

• You can only remove assets, but cannot add additional assets to the mitigation job.   
• If you remove an asset,  the associated QID is also removed from the job. 
• You need atleast one asset to save the rollback isolation job. 

3. Schedule

i) The On Demand job run option is selected by default, and the job is executed once enabled.

ii) To schedule the job to run at a specific time: 

1. Click Schedule.
2. Select the required START DATE and START TIME.
3. To select the required timezone, click Set timezone and select from the options from the drop-down list.
   By default, the system uses the agent timezone.
4. Click Next. 

4. Job Access

Select the co-authors for this rollback isolation job and click Next. The co-authors can perform job actions based on their permissions, such as editing the job. 

5. Review and Confirm

Review your selections, and select Save or Save and Enable the job. 

Note that the SuperUser or Administrator, or a user who has the permission to manage the job, can change the job status (enable/disable), delete and edit the job.

• When you click Save, the job is saved, and its status is DISABLED. You can enable it later. 

To run a job in the DISABLED state, you must enable it. To enable it, go to the Jobs tab and click Enable from the Quick Actions menu of a job.

• When you click Save & Enable, the job is saved and ENABLED. This option is available only when creating a Job the first time, not during editing the job.

The Save and Enable option should be chosen only when you are confident that the job is correctly configured because it's enabled and in a good-to-execute state.

Once all the CVEs associated with the QID are rolled back, the Isolated status will be removed. After rollback, the QDS score reverts to the original score when the vulnerability was not isolated.

For example, if the QDS score of the CVE before isolation was 90, and after isolation, the score was reduced to 0, then after the rollback action, the score changes back to 90.  

The isolation rollback job status can be viewed on the VMDR > Vulnerabilities tab.