Showing results for 
Search instead for 
Did you mean: 
Level 12
Report Inappropriate Content
Message 1 of 4

Endpoint Encryption Confusion in ePO

Attached is a  screen shot of one of my test machines. I have a task setup to remove the Endpoint Encryption for PC 6 and a task to remove the Endpoint Encryption agent 1.0.1. The Remove Endpoint Encryption Agent task is set only to remove the agent from machines that have an Endpoint Encryption State of In-Active which I thought should be accomplished by removing the EEPC 6 product. As you can see form the screenshot from the ePO server this machine does not have the EEPC6 anymore but still has the Endpoint Encryption Agent installed. Why does ePO still list under the Endpoint Encryption heading that the state is Active? A McAfee tech told me that the Endpoint encryption headed section in ePO only refers to the EE Agent. Can that be right? Also please see the other two screenshots that were taken from the machine in question. If EEPC is not installed why is the client saying it is in the Show Encryption Status and why does it still show the EEPC 6 module as being installed? Thanks for any clarification.

3 Replies

Re: Endpoint Encryption Confusion in ePO

Before you remove anything, you need to ensure your state is Inactive and the drives are decrypted.  To do so, you should modify your task for the machine and uncheck the Enable box for the policy. Then wake up the agent and you should see the client start decrypting.

Here are some steps I wrote up:

·         Go to Menu | Systems | System Tree

·         Locate the system you wish to encrypt.

·         Check the system’s check box and press the Actions button.

·         Select Agent / Modify Policy on a Single System

·         Click Edit Assignment for Product Settings.

·         Select ‘Break Inheritance and assign the policy…”

·         Choose New Policy.

·         Create a policy based on ‘My Default’ and name it Decrypt.

·         Uncheck ‘Enable Policy’ under the General Tab.

·         Set Encryption to ‘None’ under the Encryption tab.

·         Save the policy and ensure it is assigned to the computer.

·         In the system tree, check the box next to the computer and click Wake Up Agents.

·         Check the Force complete policy and task update and click OK.

·         Right click the McAfee icon on the computer and choose McAfee Agent Status Monitor and Quick Settings / Show Endpoint Encryption Status to verify agent communication.

·         Eventually the Volume Status should switch from Encrypted to Decrypting and when finished the System State will show Inactive.

Once this is done, you can run your tasks to remove the Software first, then the agent.

Level 12
Report Inappropriate Content
Message 3 of 4

Re: Endpoint Encryption Confusion in ePO

Thank you for your response. However I already have a policy in place that has the "enable policy" checkbox removed and the machine is decrypted. The problem starts after that. ePO is reporting that the EEPC 6.0.1 is not an installed product any longer but when I look at the machine in the "Show Endpoint Encryption Status" it shows the system state as "Active" and the volume status of c: -Decrypted. Whenever my task runs to uninstall the EEPC 6.0.1 from this machine it fails, I am assuming it fails because it is reporting that EEPC is still "Active". My problem is that the machine will not go to the "Inactive" state and that the ePO server already is reporting that EEPC is not installed. I thought this was a "fluke" on this machine so I re-installed Windows and tried it again and got the same results.

Level 12
Report Inappropriate Content
Message 4 of 4

Re: Endpoint Encryption Confusion in ePO

As a side note I discovered that ePO does not show EEPC as an installed product on any of my test machines. I was lead to believe by a McAfee technician that EEPC 6.0.1 should show up in ePO as an installed product just like the EE Agent does. This is not the case it never appears as an installed product to ePO.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community