Rolling Back Patches from Windows Assets
You can create a rollback job to roll back patches from Windows assets.
You can only add patches to a rollback job when the isRollback property is set to true.
Go to Jobs > Windows > Create Job. Click Rollback Job and complete the following steps:
1. Basic Information
Enter the job name and description on the Basic Information page and click Next.
2. Select Assets
Refer to the following details and select the asset tags or assets from which to roll back the patches, select the required options, and then click Next.
The following two asset selection options are available:
- Manual Asset Selection: This option allows you to select assets manually.
- Import Assets: This option allows you to import assets from a CSV file that you upload.
Refer to the following manual asset selection steps:
i. Select assets or asset tags to which you want to apply the patches.
Want to add assets later? Go to the Assets tab and select one or more assets. From the Quick Actions menu of a single asset or from the Actions menu (bulk actions), click Add to Existing Job or Add to New Job. You cannot add assets later to On-Demand or run-once (non-recurring) jobs after they are enabled.
Patches are deployed on the tags you select only for assets in the user's scope. The corresponding child tags are automatically selected when you select the asset tag.
- Select Any to include assets that have any of the selected tags.
- Select All to include in the patch deployment job only those assets that have all of the selected tags.
ii. (Optional) Select the Add Exclusion Assets checkbox to exclude specific assets from the deployment job.
You can include and exclude a maximum of 50 assets from the job.
Based on the selected options, the final list of assets is calculated considering included and excluded asset tags and included and excluded assets.
iii. (Optional) Select the Add Exclusion Asset Tags checkbox to exclude from the deployment job the assets that have All/Any of the selected asset tags.
Note: You can include and exclude a maximum of 50 asset tags from a job. To understand how final assets are determined for a job, see Which Assets are Included in a Job.
Refer to the following import assets steps:
1. Click Import Assets.
2. Upload the CSV file that includes the assets you want to import.
Important to Know
- You can import a maximum of 5000 assets from the CSV file.
- The asset names are case-sensitive. Hence, you must include the correct asset name in the CSV file. Incorrectly spelled assets or assets not available in your subscription are not considered for import.
- The CSV file is validated during the import process, and the reasoning or error for skipped assets is also recorded. You can download the validated file and get these details. Note that the CSV file validation and import process might take longer based on the number of assets included, which increases the file size.
Based on the selected options, the final list of assets is calculated taking into consideration included and excluded asset tags and included and excluded assets. To understand how final assets are determined for a job, see Which Assets are Included in a Job.
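Because asset names are case-sensitive and the import is capped at 5000 assets, it helps to check the CSV against an inventory export before uploading it. The following is an added example, not part of the product or its documentation; the function name, the single-column layout without a header row, and the sample data are assumptions.

```python
import csv
import io

MAX_IMPORT_ASSETS = 5000  # import limit stated on this page


def precheck_import_csv(csv_text, known_assets, limit=MAX_IMPORT_ASSETS):
    """Sort the rows of an asset-import CSV into the outcomes to expect.

    Assumptions (the page does not give the CSV layout): one asset name per
    row in the first column, no header row, and the limit counts accepted names.
    """
    exact = set(known_assets)
    folded = {}  # case-insensitive, whitespace-trimmed index of real names
    for asset in known_assets:
        folded.setdefault(asset.strip().casefold(), []).append(asset)

    report = {"ok": [], "near_match": [], "unknown": [],
              "duplicate": [], "over_limit": []}
    seen = set()
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            continue  # blank line
        name = row[0]
        if name in seen:
            report["duplicate"].append(name)
        elif name in exact:
            seen.add(name)
            bucket = "ok" if len(report["ok"]) < limit else "over_limit"
            report[bucket].append(name)
        elif name.strip().casefold() in folded:
            # Differs only by case or padding: no exact, case-sensitive match.
            report["near_match"].append((name, folded[name.strip().casefold()]))
        else:
            report["unknown"].append(name)
    return report


# Constructed sample data, not taken from a real subscription.
SAMPLE_INVENTORY = ["WEB-PROD-01", "db-prod-02", "App-Stage-03"]
SAMPLE_CSV = "WEB-PROD-01\nDB-PROD-02\napp-stage-03 \nLEGACY-99\nWEB-PROD-01\n"

if __name__ == "__main__":
    for outcome, names in precheck_import_csv(SAMPLE_CSV, SAMPLE_INVENTORY).items():
        print(f"{outcome}: {names}")
```

Rows reported as near_match or unknown are the ones to correct before upload, so that the rollback job does not silently miss assets.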
3. Select Patches
- Click the Plus icon next to Select Patches to select the patches you want to roll back from the selected assets. You are navigated to the List: Patches available for Rollback page.
Functionalities Available on the List: Patches available for Rollback page:
- You can click Within Scope to view patches within the scope of the selected assets or click All to view all available patches.
- You can choose to view only the latest patches by applying a filter. To do so, click Yes next to Only Latest Patches (Non-superseded).
- Select the patches, click Add to Job, and then click Close. You are navigated to the Select Patches page of the rollback job creation workflow.
If you want to add more patches, click the Plus icon next to Selected Patches on the Select Patches page and complete adding patches from the List: Patches available for Rollback page as explained earlier.
Good to Know!
- You can also add patches to the rollback job later. To do so, go to the Patches tab, and select one or more patches. From the Quick Actions menu of a single patch or from the Actions menu (bulk actions), click Add to Existing Job or click Add to New Job.
- You cannot add patches later to the On Demand or run-once (non-recurring) jobs after they are enabled.
- You can modify a job to add patches using the Add to Existing Job option from the Patches tab. However, you cannot add target assets or asset tags later. To apply patches to an asset that is not added to the job, you can 1) edit an existing job from the Jobs tab, 2) select the asset from the Assets tab and use the Add to Existing Job option, or 3) create a new patch job for that asset.
You can add a maximum of 2000 patches to a single job. To add more than 2000 patches, create another job.
4. Schedule
Choose when to roll back the patches, whether On Demand or Schedule.
The On-Demand option allows you to roll back the patches immediately once the job is created and enabled.
The Schedule option allows you to roll back the patches at a set time. You can choose to run the scheduled job daily, weekly, or monthly.
Monthly jobs that are scheduled to run on the 31st of the month are scheduled every two months (where the 31st is available). Recurring jobs (Daily, Weekly, Monthly) should be enabled three hours prior to the scheduled time; otherwise, the next eligible schedule is considered.
5. Options
You can configure how to notify the users about the patch rollback.
For all messages, we highly recommend that you fill out the Title and Message fields for these options when you create the job, as this results in better performance in the agent/platform acknowledging the requests. Keep the messages very brief and the descriptions as detailed as possible.
Patch Rollback messages
- Switch on the toggle next to the Pre-Rollback option to display the message to users before the patch rollback starts. If no user is logged in, the rollback process starts per the job schedule.
- Switch on the toggle next to the Rollback in Progress option to display the message to users while the patch rollback is in progress.
- Switch on the toggle next to the Rollback Complete option to display the message to users when patch rollback is complete.
Reboot Messages
Choose one of these options for reboot messages:
- Switch on the toggle next to the Suppress Reboot option to suppress the asset reboot. Users are then not prompted to reboot after the patch rollback.
- Switch on the toggle next to the Reboot Request option to display a message to users to indicate that a reboot is required. If no user is logged in, the reboot will start immediately after patch rollback.
Note: Many patches require a reboot in order to take effect. When enabled, this option shows a message to users indicating that a reboot is required. If no user is logged in, the reboot starts immediately after patch deployment. You can configure this option to let the user either reboot the machine immediately after the patch is deployed or defer the reboot "x" number of times so that the user can save work and complete other tasks. The reboot is deferred until 1) the user clicks OK when the reboot message is shown or 2) the maximum number of deferments is reached.
- Switch on the toggle next to the Reboot Countdown option to display the countdown message to users after the deferment limit is reached. This gives the end user an indication of how long it will take before the system is rebooted.
- Switch on the toggle next to the Reboot Countdown Upon Login option to consider the countdown time period only when the user is logged in.
See Reboot Settings
Notification Settings
You can choose to send email notifications to the intended recipients for events such as job starts or job completions. You can enter a maximum of 50 email addresses. Distribution lists are not supported.
Additional Job Settings
Switch on the toggle next to the Minimize job progress window option to allow end users to minimize the message windows.
6. Job Access
Choose Co-Authors for this job and click Next. Besides the owner, the selected Co-Authors can edit this job.
7. Confirmation
Review the rollback job configuration and click Save or Save & Enable.
When you click Save & Enable, the job is created in the ENABLED state.
When you click Save, the job is created in the DISABLED state.
You must enable the disabled job to run it. To enable a disabled job, go to the Jobs tab, then from the Quick Actions menu of a job, click Enable. Choose the Save & Enable option only when you are confident that the job is correctly configured, because this job will begin executing as soon as you "Save" the job. This option is available only when creating a job for the first time, not when editing the job.
You can use the Disable option to temporarily disable a scheduled job. You can then re-enable the job later at your convenience. On-Demand or run-once (non-recurring) jobs cannot be edited or disabled once they are enabled.
Note that the SuperUser or Administrator can change the job status (enable/disable), delete and edit the job.