TL;DR: When a flawed software update causes instability, compatibility issues, or newly introduced risk, a safe response may be to roll back to a known-good version, apply a vendor-approved workaround, or uninstall the software until a fixed release is available. PDQ Connect and PDQ Deploy & Inventory simplify the process by helping IT teams uninstall the problematic version, redeploy an earlier version, or create custom uninstall packages when prebuilt options are unavailable, keeping endpoints stable without forcing admins into panic-mode troubleshooting.
To roll back software, uninstall the problematic version, redeploy the last known-good version, and verify that affected endpoints are stable. This process helps IT teams respond quickly when an update introduces bugs, compatibility issues, or a security vulnerability.
Maintaining a rollback plan is one of the simplest ways to prepare for unanticipated yet unavoidable issues. It provides a systematic, repeatable approach to your in-house processes so that you’re not stuck coming up with ideas on the fly. This plan might also include information on your file and system backup strategy, version control, testing procedures, restore point, recovery plans, and other critical details.
Software rollback basics
What is a software rollback?
A software rollback is the process of removing a problematic software version and restoring a previous known-good version to reduce bugs, compatibility issues, or security risk.
How do you roll back software?
To roll back software, confirm the affected version, uninstall it from impacted endpoints, redeploy a previous stable version, verify the installation, and monitor devices for errors or missing dependencies.
Identify the affected application, version, and endpoints.
Confirm whether the vendor recommends rollback, workaround, or uninstall.
Uninstall the problematic version from impacted devices.
Deploy the previous stable version or restore from backup.
Verify the version, test core functionality, and monitor for new issues.
Which patch management tools support rollback?
Rollback support depends on the tool, application, operating system, and whether the update supports clean removal. For third-party apps, the most reliable rollback workflow usually combines endpoint targeting, uninstall automation, redeployment of a known-good version, and reporting to confirm success.
Tool | Rollback support | One-click rollback |
|---|---|---|
PDQ | Yes. PDQ can uninstall the problematic version and deploy an earlier package version when available. Admins can also create custom uninstall packages for apps without prebuilt uninstall packages. | No. Rollback is typically a controlled uninstall and redeploy workflow rather than a single rollback button. |
Action1 | Yes, for some scenarios. Action1 supports remote Windows update removal and software uninstall workflows. | Not clearly documented as a universal one-click rollback feature. |
NinjaOne | Yes, for some scenarios. NinjaOne supports uninstalling Windows patches and managing third-party software updates. | For Windows patches that support rollback, according to NinjaOne documentation. |
Manual rollback | Yes, if you have the installer, backup, restore point, or version control needed to restore the previous version. | No. Manual rollback usually requires several steps per device or a separate automation method. |
What patch management features make software rollback safer?
The safest patch management tools for rollback help IT teams identify affected endpoints, uninstall problematic versions, redeploy known-good versions, and verify results without touching each device manually.
Look for features that support:
Third-party application deployment and version control
Endpoint grouping for staged rollouts and rollback targeting
Active Directory or dynamic group targeting
PowerShell scripting for custom uninstall workflows
Remote deployment for distributed or hybrid workforces
Reporting to confirm rollback success and failed deployments
These features matter because rollback is rarely a single-button action. In most environments, it is a controlled uninstall, redeploy, and verification workflow.
What are your options when a flawed update or vulnerable version is discovered?
When a vulnerability or flaw is discovered in software already deployed across your network, your response depends on severity, business impact, vendor guidance, and whether a stable previous version is available.
Most teams choose one of four options:
1. Roll back the software to a previous version
2. Implement a workaround
3. Ignore the vulnerability and accept the risk
4. Uninstall the software
Let's briefly go over each of these options.
1. Roll back the software to a previous version
When an update introduces a vulnerability, often the best solution — and the one that has the least negative impact on users and operations — is to roll back the software, restoring it to its last known good configuration.
2. Implement a workaround
When a software update introduces a vulnerability, it's common for the developer to quickly provide a workaround to negate the vulnerability while they work on a patch to patch the patch (what a fun phrase). Sometimes workarounds are easy to implement, but occasionally they require drastic changes that could impact functionality.
3. Ignore the vulnerability and accept the risk
This is a do-at-your-own-risk type of solution. Obviously, having a vulnerable system on your network is a no-no, but occasionally you don't have any other choice. When a system is critical to operations and rolling back or implementing a workaround isn't an option, then accepting the risk is all you can do. In these situations, you'll still want to do whatever possible to minimize the risk. Additionally, sacrificing old computer equipment to the sysadmin god of your choice may or may not reduce your chances of the vulnerability being targeted by cybercriminals.
4. Uninstall the software
Uninstalling software that has been impacted by a vulnerability is an obvious solution, though not feasible in many situations. Organizations aren't in the habit of installing unnecessary software. I think you'll find that most users are unwilling to let go of apps they depend on to get their jobs done.
What option should you use when a flaw is discovered?
In most cases, roll back the software or apply a vendor-approved workaround first. Choose based on the vulnerability’s severity, the application’s business impact, and whether the previous version is safer to run.
Rolling back software often has the least negative impact on an environment. Keep in mind that the rollback option may delay the adoption of new features and security fixes, so you must consider those things compared to the severity of the vulnerability.
Implementing a workaround is also a good option if one is available. Some workarounds are easy to implement and won't impact usage. However, some can be difficult to implement or require that you modify features or settings, which would negatively impact the usefulness of an application.
If rolling back the software or implementing a workaround aren’t options, then your last-resort options are ignoring the vulnerability and accepting the risk while waiting for a new update or uninstalling the impacted application. You should only consider accepting the risk if the affected application is a critical system of the organization. Uninstalling the software is drastic, but it is worth considering if the software isn't vital and users can live without it until a new patch is released.
How to roll back software with PDQ Connect
You can roll back software in PDQ Connect by deploying an uninstall package to affected devices, then redeploying a previous stable version of the application. This gives admins a repeatable workflow for removing a bad update without touching each endpoint manually.
Note that we’ve randomly selected an example to illustrate the rollback process. This does not imply that the software has any known vulnerabilities at the moment.
Manage Windows & macOS devices from anywhere
With PDQ Connect, get real-time visibility into remote and local devices, deploy software, remediate vulnerabilities, automate routine maintenance, and remotely troubleshoot endpoints from one easy-to-use platform.
How do you roll back software using an uninstall package from the Package Library?
1. In PDQ Connect, click on Devices. Then, click the Deploy button in the upper right corner.

2. In the Search packages field, input the name of the software you want to remove. I’ll use 7-Zip as an example. Click the relevant uninstall package, select your target group or devices in the Search devices and groups field, then click Deploy.

Now that we’ve gotten that out of the way, we can reinstall an old version of 7-Zip.
1. Click on Devices > Deploy, then search 7-Zip, and select the 7-Zip package.
2. Use the drop-down menu to select your specific version from the multiple versions available.

3. Use the Search devices and groups field to find your target, then click Deploy.
How do you create a custom uninstall package for rollback?
While PDQ Connect has uninstall packages for some of the most common software, we don’t have one for everything. Thankfully, you can always build your own. We’ll walk you through how to build an uninstall package for 7-Zip (if we imagine a world where PDQ doesn’t already provide it).
1. In PDQ Connect, go to Devices. Click on a device that has the target software on it.

2. Select Software from the menu.

3. Under the Uninstall string column, copy the uninstall string for your target application.

4. Click Packages > Create package.

5. Give your package a name. Next, click the drop-down menu next to Add install step, and select Add script step.

6. Enter cmd.exe /c followed by the command you copied into the PowerShell command window, making sure there is a space between /c and your command.
7. Click Save to save and close the package.

Once you’ve created your package, just deploy it to any endpoints that you want to remove 7-Zip from. Then, follow the steps in the previous section to deploy an earlier version of the application to those same machines.
How to roll back software with PDQ Deploy & Inventory
Now let's look at a couple of examples of how to roll back software using PDQ Deploy & Inventory. Keep in mind that the applications targeted in these examples are only being used as examples and do not necessarily have a known vulnerability at this time.
How do you roll back software using an uninstall package from the Package Library?
For this first example, we'll be using Java 8, which has a prebuilt uninstall package included in the Package Library. The Package Library contains uninstall packages for tons of mainstream applications, making rolling back software super easy. We'll also use the version history feature in the Package Library to download and deploy an older, stable version of an application.
1. With PDQ Deploy open, click on Collection Library.
2. In the search box, enter Java 8.
3. Double-click the Uninstall Java 8 package to download it to your console.

4. Once the uninstall package has downloaded onto your console, right-click it and select Deploy Once.

5. In the software deployment window, click Choose Targets > PDQ Inventory > Collection.

6. Locate the collection you need. For the latest Java 8 collection, expand Collection Library > Runtimes > Java (JRE) > Java 8 > Java 8 32-bit > Java 8 32-bit (Latest), then click OK.

7. Back at the Deploy Once window, click Deploy Now to deploy the uninstall package.

Once the package has deployed and Java has been uninstalled, we'll return to the Package Library to download an older version of Java.
1. In the Package Library window, enter Java into the search field.
2. Click on the Java 8 package.
3. In the Package Details window, scroll down to view the previous releases.
4. Click Download Now next to the version you wish to download.

Once the package is downloaded, you can deploy it to the workstations that need it.
How do you generate an uninstall package with PDQ Inventory?
While there are a ton of uninstall packages available in the Package Library, you may come across an application that doesn't have one. If you need to revert software that doesn't have an uninstall package in the Package Library, we can use PDQ Inventory to generate one. Let's demonstrate the process using OpenOffice as our example application.
1. In PDQ Inventory, double-click on a computer that contains the application that you need to remove.
2. Click on the Applications page.

3. Right-click on the application you want to build an uninstall package for, then click Create Uninstall Package in PDQ Deploy.

4. PDQ Deploy will open, and the new uninstall package window will appear. Review the package, and click Save. Keep in mind that you'll want to ensure that the silent parameters have been configured correctly in the package.

Once the package has been saved, it's ready to deploy to the computers from which you need to remove the application. Afterward, follow the steps in the previous section to download and deploy a different version of the application from the Package Library.
Software rollback FAQs
How do I roll back a Windows app?
To roll back a Windows app, uninstall the current version, install the previous stable version, and confirm the application works as expected. At scale, use software deployment or patch management tools to target affected endpoints instead of fixing each machine manually.
Can I roll back software remotely?
Yes. You can roll back software remotely with endpoint management, software deployment, or patch management tools that can uninstall applications and deploy specific versions to managed devices.
Is rollback the same as uninstalling software?
No. Uninstalling software removes the application. Rolling back software removes the problematic version and replaces it with a previous stable version so users can keep using the application.
When should I roll back software instead of applying a workaround?
Roll back software when the current version causes unacceptable security, stability, or compatibility issues and a previous version is safer to run. Use a workaround when rollback would break business-critical functionality or when the vendor provides a safe temporary fix.
Can every software update be rolled back?
No. Some applications and patches do not support clean rollback, especially if the update changes databases, user profiles, drivers, or dependencies. Always test rollback before relying on it in production.
What should a rollback plan include?
A rollback plan should include affected software, target devices, uninstall commands, previous installer versions, backups, testing steps, success criteria, and owner responsibilities. The goal is to make rollback repeatable before everything is on fire.
Roll back software the easy way
Unfortunately, vendors don't have the best track record of releasing vulnerability- and bug-free updates. While we always recommend proper testing, it won't catch everything. Don't let vulnerabilities in the current version of your favorite software ruin your day. PDQ makes it easy to roll back software, keeping your environment vulnerability free and leaving you plenty of time to do what you love most, like arguing with strangers on the internet.
If you're not already using PDQ, what's the holdup? You can try it out for yourself and see how much time it saves you with a 14-day free trial. Within minutes, you'll be ready to start managing systems and deploying packages.




