WithSecure Rollback: now you can turn back time


07/2023
Ben Tudor

WithSecure’s new feature allows you to roll back the clock in a quick and efficient way. Here’s how.

We’re bringing a practical recovery option to WithSecure Elements this quarter that provides further protection for users in the event of a successful attack. Rather than a first port of call in the event of an attack, it provides a tool of last resort should an attack succeed.

WithSecure Rollback adds a further layer of protection to Elements Endpoint Protection (EPP) for the rare event that your defenses, including the mechanisms Elements EPP already provides (DeepGuard, DataGuard, Application Control and so on), are unable to prevent a successful attack.

Other vendors provide this functionality as the first level of protection for organizations, but rollback doesn’t prevent attacks or data loss on its own. Let’s break it down.

What is it?

Rollback allows you to restore original files and settings on a device following a malware attack. Basically, if something gets through to a user’s PC and starts getting up to no good, you can turn back time and reset the file system and registry. This is different from recovering from a backup, and also happens to be a lot easier.

We did this for server shares with our Server Share Protection in January, and WithSecure Rollback is built on the same underlying tech, doing for individual workstations what Server Share Protection has been doing for larger systems already.

Here’s what it looks like in action: Demo: Rollback for WithSecure™ Elements EPP - YouTube

How does it work?

When a user starts an application on their computer, Elements EPP checks WithSecure Security Cloud to confirm the app is known and approved.

At this point, you’d be forgiven for feeling a little skeptical: we’re all familiar with the frustration of an overzealous security control stopping us from getting our work done, even if it’s for the right reasons. Bear with us.

If the application is known to be harmful, it’s immediately blocked. If it’s known to be safe, it can be started immediately. If it’s a third type – not known – the app is allowed to start, but the EPP agent monitors its activity, tracking all the changes the application makes in the endpoint’s file system and registry.

If the app then starts getting up to no good, Elements EPP closes it down and any changes made to the file system and registry are rolled back.

So far, so good – right? But it would be a huge frustration to the user if this was a false positive and all the work they’d done in the app was effectively deleted at the whim of the cyber security team. Don’t worry – we’ve got you. All the data and changes removed during the rollback are stored in a Quarantine area, so if after investigation it’s a genuine false positive, the rollback can be cancelled and all changes restored.
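A minimal model of the flow described above, added here as an illustration and not WithSecure's code: the dict standing in for the file system and registry, the `MonitoredSession` class, the `reputation` lookup and all sample keys are constructed assumptions. It shows the three launch verdicts, a journal of pre-change values for an unknown app, a rollback that moves the app's changes into quarantine, and a cancelled rollback after a false positive.

```python
# Launch policy for the three reputation verdicts described above.
POLICY = {"harmful": "block", "safe": "allow", "unknown": "allow-and-monitor"}
_MISSING = object()  # journal marker: the key did not exist before the change

def launch_decision(app, reputation):
    """reputation is a constructed dict standing in for the cloud lookup."""
    return POLICY[reputation.get(app, "unknown")]

class MonitoredSession:
    """Journals every change an unknown app makes to a dict 'system'."""
    def __init__(self, system):
        self.system, self.journal, self.quarantine = system, [], {}

    def write(self, key, value):
        self.journal.append((key, self.system.get(key, _MISSING)))
        self.system[key] = value

    def delete(self, key):
        self.journal.append((key, self.system.pop(key, _MISSING)))

    def _put(self, key, value):
        if value is _MISSING:
            self.system.pop(key, None)
        else:
            self.system[key] = value

    def rollback(self):
        """Undo newest-first; quarantine the state the app left behind."""
        for key, pre in reversed(self.journal):
            self.quarantine.setdefault(key, self.system.get(key, _MISSING))
            self._put(key, pre)

    def cancel_rollback(self):
        """False positive: restore the app's changes from quarantine."""
        for key, post in self.quarantine.items():
            self._put(key, post)
        self.quarantine.clear()

def demo():
    # Constructed sample state: one document and one registry value.
    system = {"docs/report.txt": "Q3 figures", "reg/Run/sync": "sync.exe"}
    session = MonitoredSession(system)  # the app's verdict was "unknown"
    session.write("docs/report.txt", "overwritten")
    session.write("docs/new.txt", "dropped file")
    session.delete("reg/Run/sync")
    changed = dict(system)
    session.rollback()
    rolled_back = dict(system)
    session.cancel_rollback()
    return changed, rolled_back, dict(system)
```

`demo()` returns the state after the app's changes, after rollback, and after the rollback is cancelled.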

When can I start playing with it?

You’ll likely have already got access to Rollback with the latest Elements EPP agent update (currently v23.5) for endpoints – but get in contact with us if not and we’ll get it sorted.
