Rarely, a published update for Windows or Microsoft Software may be the root cause of issues, or may potentially cause an issue that must be avoided. When this occurs, customers may want an easy way to uninstall the update.
Locating Patches to Uninstall
To remove a Microsoft patch using Tanium, simply visit the Windows OS Patch Management dashboard inside the Patch Management dashboard.
Once there, look for the Uninstallable Windows Patches Saved Question. Type in a partial KB string, title, MS Security Bulletin ID, or other identifier to limit the number of results visible.
Verify that the lines shown are the patches you intend to remove. To limit targeting (and not uninstall the update, for instance, from every machine in the organization), you can select the lines of interest, right click, and choose Drill Down, picking a saved question you can use to decide which machines to target.
When satisfied with targeting, choose Deploy Package. The patch uninstallation package is pre-chosen. Choose how to deploy the action.
The number of machines reporting that the patch is installed should decrease shortly after taking the uninstall action. This will be reflected in the Uninstallable Windows Patches Saved Question used to find the patch. The Count column should decrease.
A patch may not be fully uninstalled until the target machines have been restarted.
Not all patches can be removed from endpoints. Only patches which Tanium can remove safely are listed.