
Uninstall Microsoft Patches


After an update to fix a threat becomes public knowledge, attackers will specifically target the underlying vulnerability on unpatched devices. In line with security best practices, and to mitigate the impact of these types of attack, it is always advisable to ensure computers are running the latest patches.

 

Depending on your company's policy, patches may be automatically installed as soon as they are released or reported as missing, or they may be tested in an internal sandbox environment before deployment to the Client's devices.

 

However, there may be instances where a problem is discovered with a patch after it was made publicly available, for example where an issue did not manifest itself during the vendor's internal testing and was only discovered post-release.

 

To help deal with this situation with Microsoft patches, we have included the option to trigger the removal of Microsoft patches directly from the Dashboard.

 

There are two requirements:

 

Device is running Windows Monitoring Agent 10.2.0 (or later)
Patch is marked as uninstallable

 

To avoid accidental installation of the Patch in the future, once the uninstall action successfully completes, the patch's status changes to ignored.

 

Uninstall Specific Patch on a Device - Patch Information Dialog
1. Log in to the Dashboard
2. Select the target device in the north pane
3. Go to its south pane Patches tab
4. Double-click on the target Patch to open the Patch Information dialog
5. Check that Uninstallable: Yes is shown under Details
6. Click Uninstall
7. Click OK to accept the Confirm action message and initiate the removal process

 


 

Uninstall one or more Patches on a Device - Patches Tab

When selecting multiple patches, only those that are marked as uninstallable are removed.

 

1. Log in to the Dashboard
2. Select the target device in the north pane
3. Go to its south pane Patches tab
4. Choose patches with multi-select (Shift and left-click for a range, Control and left-click for specific Patches)
5. Right-click on one of the selected patches (or use the Patch drop-down)
6. Click Uninstall
7. Click OK to accept the Confirm action message and initiate the removal process

 


 

Uninstall one or more Patches across multiple Devices - Patch Management Workflow

This dialog contains information on all the discovered patches across your devices, and the number of entries may easily stretch into the tens of thousands. To simplify the management of these patches we have included three main filters, along with column options, to provide more targeted information.

 

Please note, the Uninstall option is only available on devices running Agent 10.2.0 or later where the Microsoft Patch has Yes in the Uninstallable column.

 

1. Log in to the Dashboard
2. Go to Settings
3. Patch Management
4. Management Workflow

 

Select the Patches

5. Use the filters to return information on the target patch(es):

Filters and notes:

Search: The Patch name search supports partial string searches and returns those patches that contain an element of the entered string in their name. Please note that the returned results are based on the Date and Filter by Status selection, with the search immediately applied.

Date: Choose the patch Release Date range to display from: Last 24 hours | Last 7 days | Last 3 months | Last 6 months | Last year | All time

Filter by Status: Select Installed to return all Patches meeting this criterion, with this setting immediately applied.

6. Click Apply filters to view the results, or Reset filters to remove all filters and return to the defaults (Date: Last Month | Filter by Status: Missing)
7. Use the Columns drop-down to refine the results, providing the required information to make a considered patch selection. For patch removal we would suggest that at least the Installed and Uninstallable columns are enabled.
8. Click on the left-column link (where available) to visit the vendor's site for more information on a patch.
9. Multi-select the patches (Shift and left-click for a range, Control and left-click for specific patches)

 

Uninstall Process

10. Proceed to continue
11. Choose Uninstall as the action to apply to the patch selection (only one option is supported)
12. Click Next
13. Select the device type (Servers and/or Workstations) to remove the patch from, along with the Client and Site combination
14. Click Apply or Next to immediately initiate the uninstall process

 

 

[Screenshots: Patch Selection Dialog, Action Dialog, Entity Selection Dialog]

 

 

Notes

Ten Patches Limit

Up to ten patches are selectable for uninstall at any one time. Where you wish to remove more than ten Patches, we suggest batch deletion: select the first ten, choose Uninstall, then repeat the process as often as required to remove any additional patches.

 

Recommendation: Reboot after Patch Uninstall

We strongly recommend rebooting the device once the Patch uninstall process is complete to ensure all remnants of the Patch are completely removed. Rebooting the device will also stop any of the Patch's dependencies which may have prevented the Patch's removal, allowing the uninstall to begin.

 

Where the Patch status does not change from Installed (patch uninstall unsuccessful or requires a reboot) to Ignored the next time the scan runs after the restart, we would suggest attempting to uninstall the patch again.

 

Patch Uninstall Process

After the Uninstall action is initiated the selected patch state moves to Uninstalling.

 

This action is immediately communicated to the Agent via the Persistent Connection (where available) or during the next scheduled 24x7 cycle.

 

Once the command is received, the Agent begins the uninstall process when Patch Management is inactive, i.e. it will not attempt to uninstall the patch while Patch Management is in the process of performing an action: scan, remediation or update.

 

We wait ten minutes after the last uninstall action completes before automatically running the Patch Status Scan and changing the Patch state to Ignored (uninstall successful) or Installed (Patch failed to uninstall or the device requires a reboot to complete the uninstall process).

 

The Patch Status Scan may also be manually initiated from the Dashboard.

 

1. Log in to the Dashboard
2. Right-click on the target device in the north pane (or from the Server or Workstation drop-down)
3. Select Patch Management
4. Run Patch Status Scan
5. Once actioned, this command is sent to the device and the Patch Status Check scan runs

 

Please be aware that the Patch Status Check scan performs an intensive analysis of the system and as such it may take some time to complete.
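To confirm the outcome on the device itself rather than waiting for the scan, the following PowerShell check (an added example, not part of the product or its documentation) reports whether each KB is still present and whether a restart is pending. The KB IDs are the two named on this page; the two registry keys are the commonly used Windows reboot-pending indicators, and the Interpretation text is this example's own mapping onto the Ignored/Installed outcomes described above.

```powershell
# Added example: run locally on the device in an elevated PowerShell session.
# Default KB IDs are the two named on this page; pass the patches you removed.
param(
    [string[]]$KbIds = @('KB3121212', 'KB3140410')
)

# Registry keys Windows creates when servicing or Windows Update needs a restart.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path -Path $_ })

$results = foreach ($kb in $KbIds) {
    # Get-HotFix reads Win32_QuickFixEngineering and raises an error when the KB
    # is absent, so suppress the error and treat "nothing returned" as not found.
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

    # Example's own mapping of local state to the states the Dashboard shows.
    $interpretation = if (-not $hotfix -and -not $rebootPending) {
        'Not found, no reboot pending: scan should report Ignored'
    } elseif (-not $hotfix) {
        'Not found, reboot pending: restart before the next Patch Status Scan'
    } elseif ($rebootPending) {
        'Still present, reboot pending: restart, rescan, retry if still Installed'
    } else {
        'Still present: uninstall did not take effect, retry from the Dashboard'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        KB             = $kb
        StillPresent   = [bool]$hotfix
        InstalledOn    = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        RebootPending  = $rebootPending
        Interpretation = $interpretation
    }
}

$results | Format-Table -AutoSize -Wrap
```

Get-HotFix only lists updates exposed through Win32_QuickFixEngineering, so a "not found" result is indicative rather than definitive; the Patch Status Scan remains the authoritative source for the Dashboard state.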

 

Superseded Patches

Patch Management utilises the Windows WSUS database to determine which Microsoft patches are missing on a device. Where a patch is superseded by a subsequent release, WSUS does not report the original patch as missing.

 

As such, where an uninstalled patch was superseded, it no longer appears in Patch Management.

 

For example, KB3140410 supersedes KB3121212. If KB3121212 is uninstalled on the device, it no longer appears in Patch Management, with only KB3140410 displayed.