Rollback and Remediation

Modified on Wed, 03 Jan 2024 at 10:19 PM

Overview


The "Rollback" function restores files that have been deleted or corrupted.

The "Remediate" function, on the other hand, deletes files newly created by software.

The "Rollback" and "Remediate" functions complement each other: together they allow the activity of an attack to be reversed by restoring the affected files and deleting the malicious elements created.

These features are based on Microsoft's "Shadow Copy" snapshot tool, as well as on events collected on the console. This is achieved by taking the following elements into consideration:

  • Versioning system set according to security policy
  • No files are saved
  • Snapshots are implemented directly on the partition, with disk usage managed by the OS.


2 - Roll back and remediate

Two methods of use:

  • Manual: create a rollback remote action, specifying the path of the file or files to be restored and the date closest to the desired version.
  • Automatic: from a threat, use the "Rollback & Remediate" fast action. The list of files to be restored is built directly from the events linked to the threat's processes, and an automated playbook of actions is created.
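To check which snapshot dates actually exist on an endpoint before filling in a manual rollback, the following added example (not part of the product or of the original article) lists a volume's shadow copies with the standard Windows CIM classes and picks the one nearest a target date. The drive letter and the target date are assumed values, and the script must be run from an elevated PowerShell session.

```powershell
# Added example: uses only built-in Windows CIM classes, not the product's own tooling.
param(
    [string]$DriveLetter = 'C:',                     # assumed volume to inspect
    [datetime]$Target    = (Get-Date).AddDays(-1)    # assumed date of the desired version
)

# Resolve the drive letter to the volume GUID path that Win32_ShadowCopy.VolumeName uses
$volume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$DriveLetter'"
if (-not $volume) { throw "Volume $DriveLetter not found." }

# Snapshots currently held for that volume, oldest first
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate

if (-not $shadows) {
    Write-Warning "No shadow copies exist for $DriveLetter; there is no snapshot to restore from."
    return
}

# Full list, so the operator can see every available restore point
$shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

# Snapshot whose creation time is nearest to the target date (before or after it)
$closest = $shadows |
    Sort-Object { [math]::Abs(($_.InstallDate - $Target).TotalSeconds) } |
    Select-Object -First 1
'Closest snapshot to {0:u} was taken {1:u} (ID {2})' -f $Target, $closest.InstallDate, $closest.ID

# Space the OS has allocated to snapshots on this volume; old snapshots are
# discarded by Windows when the maximum is reached
Get-CimInstance -ClassName Win32_ShadowStorage |
    Where-Object { $_.Volume.DeviceID -eq $volume.DeviceID } |
    Select-Object @{ n = 'UsedGB';      e = { [math]::Round($_.UsedSpace / 1GB, 2) } },
                  @{ n = 'AllocatedGB'; e = { [math]::Round($_.AllocatedSpace / 1GB, 2) } },
                  @{ n = 'MaxGB';       e = { [math]::Round($_.MaxSpace / 1GB, 2) } }
```

An empty list or a very small maximum size means the desired version may no longer be available on that partition.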





