Tanium 6.x: Windows Patch Uninstallation

Introduction

On rare occasions, a published update for Windows or Microsoft software may be the root cause of issues, or may cause an issue that must be avoided. When this occurs, customers may want an easy way to uninstall the update.

Locating Patches to Uninstall

To remove a Microsoft patch using Tanium, open the Windows OS Patch Management dashboard inside the Patch Management dashboard group.

[Figure: Patch Management Dashboard Group]

Once there, look for the Uninstallable Windows Patches Saved Question. Type in a partial KB string, title, MS Security Bulletin ID, or other identifier to limit the number of results visible.

Contact your Tanium TAM if you do not have this Saved Question in this Dashboard.

Targeting

Verify that the lines shown are the patches you intend to remove. To limit targeting (so that the update is not uninstalled, for instance, from every machine in the organization), select the lines of interest, right-click, and choose Drill Down, then pick a saved question you can use to decide which machines to target.

When satisfied with targeting, choose Deploy Package. The patch uninstallation package is pre-chosen. Choose how to deploy the action.

Verifying

The number of machines reporting that the patch is installed should decrease shortly after taking the uninstall action. This will be reflected in the Uninstallable Windows Patches Saved Question used to find the patch. The Count column should decrease.

Reboot

A patch may not be fully uninstalled until the target machines have been restarted.
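
An endpoint-side spot check for the Verifying and Reboot steps, added here as an example; it is not Tanium content or part of the original article. The function name Test-PatchRemoved is hypothetical, KB0000000 is a placeholder ID, and the two pending-reboot registry locations are standard Windows markers that the article does not mention.

```powershell
# Added example: local spot check on one Windows endpoint after the uninstall action.
# Test-PatchRemoved is a hypothetical helper name; KB0000000 is a placeholder ID.
function Test-PatchRemoved {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^KB\d+$')]
        [string]$KbId
    )

    # Get-HotFix reads Win32_QuickFixEngineering and raises an error when the ID
    # is absent, so suppress the error and treat "no result" as "not listed".
    $listed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    # Assumption: standard Windows pending-reboot markers (not named in the article).
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

    # Combine both signals: a pending reboot means the result is not final yet.
    $status = if ($listed -and $rebootPending) {
        'Still listed; reboot pending, recheck after restart'
    } elseif ($listed) {
        'Still installed'
    } elseif ($rebootPending) {
        'Not listed; reboot pending, recheck after restart'
    } else {
        'Removed'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        KbId          = $KbId.ToUpper()
        Listed        = $listed
        RebootPending = $rebootPending
        Status        = $status
    }
}

# Replace the placeholder with the KB that was targeted in the uninstall action.
Test-PatchRemoved -KbId 'KB0000000'
```

Get-HotFix does not report every kind of Microsoft update, so treat the Saved Question count as the fleet-wide view and use this only to confirm individual machines.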

Uninstallable Patches

Not all patches can be removed from endpoints. Only patches that Tanium can remove safely are listed.
