A common question that is asked is "How can I use Patch Manager to uninstall patches?"
Uninstalling patches
You can uninstall patches that have been deployed to managed devices.
For example, you may want to uninstall a patch that has caused an unexpected conflict with an existing configuration.. By uninstalling the patch, you can restore the device to its original state.
To uninstall a patch
1. Open the properties of the vulnerability for the patch that needs to be uninstalled.
2. From any detection rule listing on the General tab, right-click one or more rules, and then click Uninstall Patch. If the Uninstall Patch option is greyed out, this option is not available for this patch and you will need to find another way to uninstall the patch.
3. Enter a name for the uninstall task.
4. Specify whether the uninstall is a scheduled task or a policy-based scan, or both.
5. If you selected scheduled task, specify which devices from which you want to uninstall the patch.
6. If the patch can't be uninstalled without accessing its original executable file (i.e., to use command-line parameters), and you want to deploy the executable using Targeted Multicast, check the Use multicast check box. To configure Multicast options, click the Multicast Options button. For more information, see About the Multicast options dialog.
7. If you selected policy, and you want to create a new query based on this uninstall task that can be used later, click the Add a query check box.
Select a scan and repair setting from the available list (or create a custom setting for this scan, to determine how the scanner operates on end user devices.
Click OK. For a scheduled task, you can now add target devices and configure the scheduling options in the Scheduled tasks tool. For a policy, the new policy appears in the Application Policy Management window with the task name specified above. From there you can add static targets (users or devices) and dynamic targets (query results), and configure the policy's type and frequency.
About the Uninstall patch dialog
Use this dialog to create and configure an uninstall task for patches that have been deployed to affected devices.Task name: Identifies the task with a unique name. The default is the name of the patch. You can edit this name if you prefer.
Uninstall as a scheduled task: Creates an uninstall patch task in the Scheduled tasks window when you click OK.
Select targets: Specifies which devices to add to the uninstall patch task. You can choose no devices, all devices with the patch installed, or only the devices with the patch installed that are also selected (this last option is available only when you access the Uninstall Patch dialog from within a device Security and Patch Information dialog).
If the original patch is required:
Use Multicast: Enables Targeted Multicast for deploying the uninstall patch task to devices. Click this option, and click Multicast Options if you want to configure the multicast options. For more information, see About the Multicast Options dialog below.
Uninstall as a policy: Creates an uninstall patch policy in the Scheduled tasks window when you click OK.
Add query representing affected devices: Creates a new query, based on the selected patch, and applies it to the policy. This query-based policy will search for devices with the selected path installed and uninstall it.
Scan and repair settings: Specifies which scan and repair setting is used for the uninstall task to determine whether the security and patch scanner displays on devices, reboot options, MSI location information, etc. Select an scan and repair setting from the drop-down list, or click Configure to create a new scan and repair setting.
Note: This information can be found in the LDMS 8.8 help file under the headings "Uninstalling Patches" and "About the Uninstall Patch Dialog"