I am sorry but there is no way to roll back patch only.
Be sure that this machine gets a correct McAfee Agent policy set to the Evaluation branch for updating VSE patches.
Depending of the size of your environment, you could:
1. Move patch 5 to the Evaluation branch (no VirusScan patches should be available from the Current branch)
When patch 5 is available in the Current branch a manual update will for example download and install the patch regardless of the agent policysetting
2. Change your "default" McAfee Agent policy to look for VirusScan patches from the Evaluation branch (In this way all other machines will have the latest patch in a controlled way)
3. Create a new Agent policy that uses that uses the Current branch for all updates
4. Assign the newly created policy to the machine with the issue
5. Manually install VSE 8.7 with patch 4 on the machine
You could also do more config in ePO to have ePO do the installation onn the client but since only one machine then it's less config to do a manual install.
Also if your environment contains 10000+ nodes it might not be worth doing this config change for only one machine.
Thanks. I ended up loading VSE8.7P4 into the evaluation section of the repository and creating a new agent policy that didn't update VSE from the current repository, remove/push out VSE after modifying deployment task on that one server to push AV out from evaluation branch.