Security, McAfee, Decrypting McAfee-managed encryption, and Breaking ePO connection from managed endpoints

Describes how to break the connection between the McAfee ePO management connection and remove McAfee-managed drive encryption.

Technology Services will no longer support McAfee and McAfee ePO after 12/31/2016

After 12/31/2016, antivirus and full disk encryption cannot be managed via ePO. On the endpoint, the software will continue to function; however, it will need to be managed at the endpoint. That means it will no longer be logging virus and encryption information centrally. When the McAfee software reaches end of life, it will require manual intervention at each endpoint. The University will continue to support other popular antivirus software like Malwarebytes, which will not be affected by this change. The personal version of McAfee antivirus for Windows or Mac, previously downloaded from the WebStore, will also not be affected by this change. However, moving forward, we will no longer be offering a personal version of McAfee antivirus. Instead, the University of Illinois makes the following recommendations for antivirus software:

What you can do

We recommend that you begin to transition to other software solutions on your University machines.

For a list of available antivirus and encryption software, as well as instructions for use, please see our blog post:


For questions or concerns, please contact the Technology Services Help Desk at 217-244-7000 or by email at


McAfee products can be managed remotely via the University ePO. In order to completely remove McAfee-managed drive encryption, an IT Pro will need to break this connection and unencrypt the endpoint's drive. The following steps describe how to do this task.

You will need

  • administrative access to the affected Windows or MacOS systems (the endpoints).
  • remote access to control the installed McAfee software on the endpoints via the University ePO.

Decypt encryption before removing McAfee products!

Your endpoints may have multiple McAfee products installed on them. Typically you'll want to decrypt the drive before you remove other McAfee products.


  1. Log in to ePO by visiting and select the "System Tree" icon at the top of the page.
  2. In the left pane, drill down to your OU (My Organization→→and so on) and select the OU to which you wish to apply a policy.
  3. To decrypt McAfee-managed encryption select the "Assigned Policies" button then select your encryption product in the "Product" popup – typically "Drive Encryption Go", "Endpoint Encryption", or "Endpoint Encryption for Mac". epo-assigned-policies-button-highlighted.png
  4. Underneath the "Actions" column select the "Edit Assignment" link and a new panel will appear.
  5. In the new panel, set the policy assignment to "Break inheritance and assign the policy settings below" as illustrated and select "Save" at the bottom-right.
    The "Lock policy inheritance" setting will not be listed.
  6. Do not do anything else in ePO to that device until the decryption process is complete. This includes uninstalling each remaining McAfee product or Agent. Don’t try to break inheritance and/or uninstall multiple products simultaneously.

How to tell you've broken an endpoint's connection to McAfee management

After the McAfee Endpoint Encryption is removed, you can select a machine entry in the "Systems" panel then select the "Endpoint Encryption" tab and you should see "No details are available". This message will provide positive confirmation that you’ve successfully removed McAfee-managed endpoint encryption.

Keywords:decryption mcafee "drive encryption" removing endpoints ePO products   Doc ID:68048
Owner:J.B. N.Group:University of Illinois Technology Services
Created:2016-10-25 15:39 CDTUpdated:2017-02-03 13:27 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0