Why Can't I Undo a Patch Done by CYRISMA?
When CYRISMA applies patches or makes configuration changes (such as addressing vulnerabilities like obsolete TLS versions or weak ciphers), these changes cannot be automatically reverted through CYRISMA's platform. This article explains the rationale and recommended actions if you need to revert a patch.
Written by Liam Downward
Updated at March 17th, 2025
- User Manual
- Self Onboarding Guide
- Agents
- The Cyber Risk Assessment Process
- PSA Integrations
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- API Documents
- CYRISMA Change Log
- Support Ticket SLA
- Billing Questions
Table of Contents
Why Doesn’t CYRISMA Allow Automatic Rollbacks?
Currently, CYRISMA is designed as a proactive security tool to quickly remediate vulnerabilities identified in your environment. Once a patch or configuration change is applied through the CYRISMA agent, it cannot be reversed automatically. This design ensures consistent security baselines and compliance but does require manual intervention if a rollback becomes necessary.
Recommended Action if You Need to Undo a Patch:
- Identify the specific configuration or patch that needs to be reverted.
- Refer to the CYRISMA Knowledge Base or reach out to CYRISMA Support to receive guidance on manually reverting the specific change.
- Follow manual remediation steps provided by CYRISMA Support or outlined in the relevant Knowledge Base article.
Common Scenarios Requiring Rollback:
- Unexpected conflicts with critical applications or services (e.g., cipher suite updates impacting server functionality).
- Operational disruptions following configuration changes made to sensitive systems (like Domain Controllers).
Steps to Avoid Issues with Automatic Patching:
To minimize the need for rollbacks, consider the following best practices:
Suppress Vulnerabilities:
Proactively suppress vulnerabilities you don't wish to patch automatically, especially for servers or critical infrastructure.
Separate Workstation and Server Patching:
CYRISMA currently doesn't distinguish between servers and workstations in automated patching. It's strongly recommended to schedule maintenance windows for servers and apply critical patches manually or with supervision.
Conduct Backups Prior to Patching:
Always ensure recent backups are in place before applying significant security updates or configuration changes.
Future Enhancements:
CYRISMA is actively gathering feedback to enhance auto-patching capabilities, including:
- Granular control to separately manage auto-patching for servers and workstations.
- Enhanced suppression management to minimize unintended disruptions.
Need Further Assistance?
If you encounter an issue related to a patch or configuration change applied by CYRISMA, or if you require guidance on manually reverting a change, please contact CYRISMA Support.