Jump to content

EDR - How to perform a test rollback


HCHTech

Recommended Posts

I've been lucky and have not had to actually perform a rollback for a client yet, but I'd like to test the process on a sacrificial workstation.  For one, we can review our SOP, and perhaps most-importantly, we can see that this process actually works so we're not trying to figure it all out in a time of crisis.  The documentation appears to say that the software needs to have detected suspicious activity for a rollback to be available.   I'd like to setup quarterly testing of this process for clients - How can I do this?

Link to post
Share on other sites

  • Root Admin

Hello @HCHTech

I actually don't believe it is possible to do without real malware which is never recommended. I would open a support ticket and work with them for further information about this.

 

Business Support
https://service.malwarebytes.com/hc/en-us/requests/new

 

Thank you

 

Link to post
Share on other sites

That is.....disappointing.  I did open a ticket, and guess what, support cannot help - they sent me to SALES who want to do a demo.   Yeah, no - that's not what I'm interested in.  I want to see the thing work with my own eyes on a real machine that I control.  I don't think that's too much to ask.   This is no different than restoring a file or directory from backup to prove it works, IMO.

Link to post
Share on other sites

I can appreciate that However, consider the following:  This was a major feature that sold us on the product.  Not being able to test it, or prove that it works makes it vaporware.  I'm depending on it being there and working in a time of crisis when I cannot ascertain that beforehand.  If I had been more unlucky and actually HAD an infection among my client base where it saved the day, then this would be less of an issue.

I guess it occurs to me that the company is asking a lot for its users to trust that this feature will work when needed -- without providing the any ability (other than checking the box in the policy setup) to prove that it will be ready and waiting when you really need it.  If you will put yourself in my shoes for a moment, I think you will see my concern.  Help me sleep a little better at night by throwing me a breadcrumb here...

Link to post
Share on other sites

  • Root Admin

You can contact your sales person or open a support ticket to discuss in more details. I simply don't have a solution for your request.

I do understand your concerns. Thank you for the feedback

 

Business Support
https://service.malwarebytes.com/hc/en-us/requests/new

 

 

  • Thanks 1
Link to post
Share on other sites

  • 3 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.