Removing McAfee Applications and Breaking ePO Connection from Managed Endpoints

Describes how to break the connection between the McAfee ePO management connection and remove most McAfee products (such as antivirus).


McAfee products can be managed remotely via the University ePO. In order to completely uninstall McAfee products, an IT Pro will need to break this connection and uninstall these programs. 

The following steps describe how to do this task. These steps will need to be repeated once per McAfee product, in order to completely remove the undesired McAfee software.

You will need

  • administrative access to the affected Windows or MacOS systems (the endpoints).
  • remote access to control the installed McAfee software on the endpoints via the University ePO.

You may need to repeat these steps multiple times!

McAfee's ePO policies are applied to an individual endpoint or a set of endpoints (such as an entire OU of endpoints). Breaking the connection to the server and uninstalling McAfee software are each handled in separate policies. Each policy is applied one at a time, therefore (depending on how many McAfee products you have installed on your endpoints) you may need to follow the following steps multiple times, changing or applying a different policy with each pass over a set of endpoints.


  1. Log in to ePO by visiting and select the "System Tree" icon at the top of the page.
  2. In the left pane, drill down to your OU (My Organization→→and so on) and select the OU to which you wish to apply a policy.
  3. At this point the process changes slightly depending on what you're trying to do:
    • Antivirus: If you want to uninstall McAfee VirusScan, select "McAfee agent" or the product for which you wish to break inheritance in the "Product" popup.
    • Other McAfee products: If you want to uninstall other McAfee products, select the policy named after the product for which you would like to break inheritance in the "Product" popup.
  4. Underneath the "Actions" column select the "Edit Assignment" link and a new panel will appear.
  5. In the new panel, set the policy assignment to "Break inheritance and assign the policy settings below" as illustrated and select "Save" at the bottom-right. The screenshot below shows the most common task, removing McAfee antivirus.
  6. Don’t try to break inheritance and/or uninstall multiple products simultaneously. This means you will have to run through these steps multiple times but you’ll be notified of each product removal as you go.

How to tell you've broken an endpoint's connection to McAfee management

After the ePO no longer sees McAfee products installed on the endpoint, you can confirm this in one of two ways:

  1. By going to the endpoint's entry in the list of available endpoints in the target OU and picking "System properties" which brings up a table of properties describing that endpoint. In the "Installed products" row you will see there are no products listed.
  2. The "Products" tab also shows an empty list of products. This will provide positive confirmation that you’ve successfully removed McAfee products.
After the McAfee agent is removed, the machine entry in the “Systems” panel “Managed State” column will read “Unmanaged”.

Keywords:mcafee removing endpoints ePO products antivirus   Doc ID:68129
Owner:J.B. N.Group:University of Illinois Technology Services
Created:2016-10-28 13:34 CSTUpdated:2016-12-19 15:52 CST
Sites:University of Illinois Technology Services
Feedback:  0   0