Security, Mcafee, Removing McAfee Applications and Breaking ePO Connection from Managed Endpoints

Describes how to break the connection between the McAfee ePO management connection and remove most McAfee products (such as antivirus).

Technology Services will no longer support McAfee and McAfee ePO after 12/31/2016

After 12/31/2016, antivirus and full disk encryption cannot be managed via ePO. On the endpoint, the software will continue to function; however, it will need to be managed at the endpoint. That means it will no longer be logging virus and encryption information centrally. When the McAfee software reaches end of life, it will require manual intervention at each endpoint. The University will continue to support other popular antivirus software like Malwarebytes, which will not be affected by this change. The personal version of McAfee antivirus for Windows or Mac, previously downloaded from the WebStore, will also not be affected by this change. However, moving forward, we will no longer be offering a personal version of McAfee antivirus. Instead, the University of Illinois makes the following recommendations for antivirus software: https://answers.uillinois.edu/illinois/page.php?id=67971.

What you can do

We recommend that you begin to transition to other software solutions on your University machines.

For a list of available antivirus and encryption software, as well as instructions for use, please see our blog post: https://techservices.illinois.edu/news/2016/ending-support-mcafee-products-university-computers.

Help

For questions or concerns, please contact the Technology Services Help Desk at 217-244-7000 or by email at consult@illinois.edu.


Introduction

McAfee products can be managed remotely via the University ePO. In order to completely uninstall McAfee products, an IT Pro will need to break this connection and uninstall these programs. 

The following steps describe how to do this task. These steps will need to be repeated once per McAfee product, in order to completely remove the undesired McAfee software.

You will need

  • administrative access to the affected Windows or MacOS systems (the endpoints).
  • remote access to control the installed McAfee software on the endpoints via the University ePO.

You may need to repeat these steps multiple times!

McAfee's ePO policies are applied to an individual endpoint or a set of endpoints (such as an entire OU of endpoints). Breaking the connection to the server and uninstalling McAfee software are each handled in separate policies. Each policy is applied one at a time, therefore (depending on how many McAfee products you have installed on your endpoints) you may need to follow the following steps multiple times, changing or applying a different policy with each pass over a set of endpoints.

Steps

  1. Log in to ePO by visiting https://epo.cites.illinois.edu:8443/ and select the "System Tree" icon at the top of the page.
    epo-system-tree-icon.png
  2. In the left pane, drill down to your OU (My Organization→ad.uillinois.edu→and so on) and select the OU to which you wish to apply a policy.
  3. At this point the process changes slightly depending on what you're trying to do:
    epo-assigned-policies-button-highlighted.png
    • Antivirus: If you want to uninstall McAfee VirusScan, select "McAfee agent" or the product for which you wish to break inheritance in the "Product" popup.
    • Other McAfee products: If you want to uninstall other McAfee products, select the policy named after the product for which you would like to break inheritance in the "Product" popup.
  4. Underneath the "Actions" column select the "Edit Assignment" link and a new panel will appear.
  5. In the new panel, set the policy assignment to "Break inheritance and assign the policy settings below" as illustrated and select "Save" at the bottom-right. The screenshot below shows the most common task, removing McAfee antivirus.
    epo-policy-assignment-panel-full.png
  6. Don’t try to break inheritance and/or uninstall multiple products simultaneously. This means you will have to run through these steps multiple times but you’ll be notified of each product removal as you go.

How to tell you've broken an endpoint's connection to McAfee management

After the ePO no longer sees McAfee products installed on the endpoint, you can confirm this in one of two ways:

  1. By going to the endpoint's entry in the list of available endpoints in the target OU and picking "System properties" which brings up a table of properties describing that endpoint. In the "Installed products" row you will see there are no products listed.
  2. The "Products" tab also shows an empty list of products. This will provide positive confirmation that you’ve successfully removed McAfee products.
After the McAfee agent is removed, the machine entry in the “Systems” panel “Managed State” column will read “Unmanaged”.



Keywords:mcafee removing endpoints ePO products antivirus   Doc ID:68129
Owner:J.B. N.Group:University of Illinois Technology Services
Created:2016-10-28 14:34 CDTUpdated:2017-03-16 13:35 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0