• Capture Client 3.7
• Overview
  • Description
  • Navigation
  • Guide Conventions
• Dashboard
  • About the Dashboard
  • Global Dashboard
  • Tenant Dashboard
• Alerts and Notifications
  • Accessing Notifications
  • Viewing Alerts
• Threat Investigation
  • Investigating Threats
  • Analyst Verdict
  • Downloading a Threat File
  • Detected Threats
  • Threats Mitigated
  • Performing a Rollback
  • Resolving Threats
  • Blacklisting Threats
  • Benign Threats
• Investigating and Responding to Active Clients
  • SentinelOne Pending Actions
• Investigating and Responding to Active Users
• Enforce Trusted Certificates
• Investigating and Responding to Risky Applications
• SonicWall Support
  • About This Document

Performing a Rollback

Even if a threat has been re-mediated, you cannot be sure that there are no remnants that may impact performance (for example, registry keys, temp files, system changes, and so forth). The best way to avoid issues is to roll the system back to its last known good state. This is made possible using the Rollback function available with Capture Client.

Before performing rollback on Windows endpoints, you need to configure Volume Shadow Copy Service (VSS). To configure VSS on Windows computers for Capture Client rollback feature to work, see SonicWall Support Knowledge Base.

The Rollback function is only available on Windows endpoints and relies on the Virtual Shadow Copy Service (VSS) available in the Windows operating system. It is enabled by default and used to create the system recovery image. The Rollback function is only available for customers who procure the Capture Client Advanced license for their endpoints.

The Rollback feature is currently only available for Windows systems.

The time it takes for a rollback to complete depends on the size of the shadow copy, but for a large disk, it should only take a few minutes.

Once the rollback is complete, the Actions section shows that the rollback was completed successfully.