How to uninstall patches through Patch and Compliance Manager

Version 13

    Verified Product Versions

    Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x




    A common question is "How can I use Patch and Compliance Manager to uninstall patches?"




    Uninstalling patches


    About the Uninstall patch dialog box


    You can uninstall patches that have been deployed to managed devices.


    For example, you may want to uninstall a patch that has caused an unexpected conflict with an existing configuration. By uninstalling the patch, you can restore the device to its original state.

    To uninstall a patch

    1. Open the properties of the vulnerability for the patch that needs to be uninstalled.
    2. From any detection rule listing on the General tab, right-click one or more rules, and then click Uninstall Patch. If the Uninstall Patch option is grayed out, this option is not available for this patch and you will need to find another way to uninstall the patch.
    3. Enter a name for the uninstall task (by default, this is "Uninstall Patch" + the name of the patch to be uninstalled).
    4. Specify whether the uninstall is a scheduled task or a policy-based scan, or both.
    5. If you selected scheduled task, specify the devices from which you want to uninstall the patch.
    6. If the patch can't be uninstalled without accessing its original executable file (i.e., to use command-line parameters), and you want to deploy the executable using Targeted Multicast, check the Use multicast check box. To configure Multicast options, click the Multicast Options button. For more information, see About the Multicast options dialog.
    7. If you selected policy, and you want to create a new query based on this uninstall task that can be used later, click the Add a query check box.
    8. Select a Distribution and Patch setting from the available list (or create a custom setting for this scan) to determine how the scanner operates on end-user devices.
    9. Click OK. For a scheduled task, you can now add target devices and configure the scheduling options in the Scheduled tasks tool. For a policy, the new policy appears in the Application Policy Management window with the task name specified above. From there you can add static targets (users or devices) and dynamic targets (query results), and configure the policy's type and frequency.


    Use this dialog to create and configure an uninstall task for patches that have been deployed to affected devices.


    Task name: Identifies the task with a unique name. The default is "Uninstall Patch" + the name of the patch. You can edit this name if you prefer.

    Uninstall as a scheduled task: Creates an uninstall patch task in the Scheduled tasks window when you click OK.


    Task Settings


    About the task settings page


        Uninstall Settings


        Task Settings


    Portal Settings





    Further information from LDMS 2016 help file: Uninstall patches (patch rollback)