Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: McAfee Open API via PowerShell

@vidrine any luck yet?

Level 9
Report Inappropriate Content
Message 32 of 46

Re: McAfee Open API via PowerShell

None yet, work has been keeping me occupied.  I should be able to get it together by end of next week at the latest.

Level 7
Report Inappropriate Content
Message 33 of 46

Re: McAfee Open API via PowerShell

I've managed to create this powershell command to delete hostnames out of ePO.  You can use my template to help build more .ps1 scripts.  Would you like to work together and create more?


# Created with: SAPIEN Technologies, Inc., PowerShell Studio 2012 v3.1.34

# Created on: 10/02/2014 09:45 AM

# Created by: Brandon Stevens

# Organization:

# Filename: RemoveHostFromePO.ps1

# ePO 5.1.1




System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

# Causes WebClient to ignore certification validation



= Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME




= New-Object




.Credentials = $Credential.





"URL of your ePO server and PORT #"



= Read-Host -Prompt

"Enter PC name or username"



= Get-Date -Format




= "$epoServer/remote/system.delete?names=$Computer







XML]$ResultXML = $WebClient.DownloadString($SearchURL).Replace("OK:`r`n",""




.result.list.element.CmdReturnStatus | select-object name,message,@{Name="Username";expression={$env:USERNAME}},@{name=”Date”;expression={$Date}} | export-csv "PLACE THE DIRECTORY YOU WOULD LIKE YOUR .CSV FILE TO GO TO" –NoTypeInformation




-From E-MAIL ADDRESS YOU WANT TO SEND THE E-MAIL FROM -Subject "$Computer Removed from ePO" -To $recipients -Body "$Computer was removed from ePO by $env:USERDOMAIN\$env:USERNAME on





-Port 25 -SmtpServer



#Let me know if you have any questions on this.  It works seamlessly and I'd love to work together and create more!

#Thank you,

#Brandon Stevens

Re: McAfee Open API via PowerShell

Hey, Brandon, this is great! BUT... the forum is Emoji'ing your script! The part that talks about the URI / URL

Could you put it inside Code tags,

Like this


Of course I'm guessing it's Colon followed by letter o? since it's "surprised emoji"? 😮

Re: McAfee Open API via PowerShell

Hi all. 

I noticed that this thread is a little stale now but if anyone is interested newer powershell cmdlets are available and I have started working on this today. 

The newest and easiest way to call the remote commands is to use the Invoke-RestMethod cmdlet. 

I will post my examples for Tagging and Agent  Wakup tomorrow if it helps. 



Volunteer Moderator

Certified McAfee Product Specialist - ePO

Level 7
Report Inappropriate Content
Message 36 of 46

Re: McAfee Open API via PowerShell

I am definitely interested.  We have a dying server with 7k duplicate system names on it.  I could construct the query to pull out the information I need (list all duplicates except the one with the latest communication) if I could get at the SQL directly.  I am told that there's no way to do that within ePO so I'm looking for a way to pull that information and then tag those systems for deletion.  I was very excited when I logged onto this forum and saw a recent entry for powershell.

Re: McAfee Open API via PowerShell


I have been able to set Tags on systems using the following PowerShell v3 cmdlets:

$creds = Get-Credential

$Uri = "https://<ePOServerFQDN>:8443/remote/system.applyTag?names=<systemname>&tagName=<tagname>"

Invoke-RestMethod -Uri $Uri -Credential $creds

The first line will prompt you for Credentials with permissions to connect to the epO Web API AND have the permissions to use Tags.

The Second line sets up the Uri to call. In this example please replace <ePOServerFQDN> with your epo server FQDN, <systemname> with the name of a system in your System Tree and <tagname> with a valid Tag in your Tag Catalogue.

The third line will Invoke the PowerShell Invoke-RestMethod cmdlet with the Uri and Credentials provided.

If all is successful you should get an OK response back, then take a look at the System in your system tree and see if the Tag has been assigned. Also check out the Audit Log and you will see the Audit entry for the action carried out.

Using the Invoke-RestMethod with the correctly formed -Uri and -Credential parameters you can call any of the API methods.

Take a look at the Web API documentation for available Methods and the Invoke-RestMethod Documentation at Microsoft.



Volunteer Moderator

Certified McAfee Product Specialist - ePO

Re: McAfee Open API via PowerShell

I made some additional changes to your powershell script that adds one tag to one machine. As a test I can add tags to about 30 machines. When I rerun the script again to add 800 more machines I receive the following error.

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.

At C:\Users\...\ePO-addTags.ps1:55 char:1

+ Invoke-RestMethod -Uri $Uri -Credential $creds

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], Web


    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

My question is what is the maximum number of connections, timeout for ePO?

Level 7
Report Inappropriate Content
Message 39 of 46

Re: McAfee Open API via PowerShell


Has anyone been working on Powershell scripting recently. What is the best code to use within this thread to connect into EPO?. I have been using MischaBoender's Ep0wershell module but having no success performing the queries I desire.

At the moment I am creating a Powershell GUI with AD and I would now like to implement McAfee EPO capabilities.

I would like to possibly hard code the EPO credentials to the script and be able to carry out searches by IP, Machine or UserName and with this list back the machine information along with Threat Events.

Can anyone please help me?

Re: McAfee Open API via PowerShell

I agree. I tried using his and didn't have much luck. It is a bit old though ...

Since there haven't been any updates on his in a while I've decided to make an open source version:

GitHub - UNT-CAS-ITS/ePOwerShell: This PowerShell Class allows you to easily connect to and work wit...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community