Previous Pattern File Version Rollback
Problems with the scan engine and/or pattern files are very uncommon. However if a problem does occur, it is likely to be due either to file corruption or false positives (incorrect detection of malware in non-problematic files).
If a problem does arise, you can deploy an Action to affected endpoints that will delete the files in question and replace them with a different version. This action is called a pattern rollback, and you can rollback all or selected pattern files. By default, the CPM server keeps 15 previous versions of the pattern and engine file for rollbacks. You can set this feature at the bottom of the Server Settings Wizard. Click .
There are several things to bear in mind with regards to rolling back a pattern update:
Part of the rollback process is to lock-down endpoints to prevent any further pattern updates until the lock has been cleared. The lock serves as a safeguard against re-introducing whatever issue it was that triggered the need for a rollback. Once the issue has been resolved, either by changing something on the endpoints or by acquiring a different version of the pattern file, you will need to run the Core Protection Module - Clear Rollback Flag Task to re-enable updates.
If your clients are not all running the same version of the pattern file, that is, some have the current pattern and some have a much older version, and you perform a rollback to the previous version, those with the current version will be reverted to the previous version, while those with the older version will be updated to the version.
You can rollback all or selected pattern files. However, even if you only rollback one pattern file, you will still need to reset the rollback flag for all pattern files.