Best answer by Shawn
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, than our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support