I have two separate ePO’s. One of them is an agent handler in the DMZ and the other is our main ePO in our internal network. 

Hi @jayreid2020 ,

Thanks for the reply.

Yes, you can Install / Uninstall McAfee using products. External agent handlers are agent handlers which are behind the DMZ for outside network users.

The install and uninstall procedures remain same as you do it on ePO.
The only change is, while installing you have to choose the right agent handler when you download frame package from ePO console.

For installation:

You could download a frame package by selecting the External agent handler in the System Tree and deploy it.

For Uninstall:

You could run Endpoint removal tool to remove the McAfee agent.

Note: Endpoint removal tool should not run in ePO server or any Agent Handler.

Okay how do I uninstall a mcafee product from a machine that’s behind a NAT using the ePO ? And how do I install a mcafee product from a machine that’s behind a NAT using the ePO ? 

Hi @jayreid2020,

Greetings!

There are multiple ways to uninstall McAfee agent

A. For Uninstall you can download the "Endpoint removal tool" from McAfee product download site and run it on the client machine.

B. We can uninstall the agent from ePO as well

1. Go to Menu | system tree | select the system which you want to delete.

2.Actions |Directory management | Delete

3.Select "remove agent on next agent -server communication"

C.Uninstall via command prompt

C:\Program Files (x86)\McAfee\Common Framework\frminst /forceuninstall

Note: It is not recommend to run Endpoint removal tool in ePO server or Agent Handler

Install McAfee agent:

There are few methods to deploy McAfee agents via ePO. Please find the below link

https://docs.mcafee.com/bundle/agent-5.5.0-installation-guide-epolicy-orchestrator/page/GUID-B9027EF...

Note: Since you are installing agent using external agent handler. I recommend you to download the Frame package from the ePO by selecting the external agent handler and then deploy it on client machine.

How to download Frame package:

1. Select Menu → Systems → System Tree, then select New Systems.
2. Next to How to add systems, select Create and download agent installation package.
3. Select the appropriate Agent version.
4. Select or deselect Embed Credentials in Package. If selected, type the appropriate Credentials for agent installation.
5. If you want these credentials to be remembered the next time you complete this task, click Remember my credentials for future deployments.
6. If you want the installer to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers. Click OK.
7. When prompted, select the file to be downloaded. Click to open the file, or right-click to save the file.
8. Distribute the custom installation package file as needed.

If in case you need further assistance on this, please raise a support ticket.

It's the same way you un/install products for internal network.

Make sure that ports are opened as per #: 

https://kc.mcafee.com/corporate/index?page=content&id=KB66797

Hello jayreid2020

As Hem say, you can install and uninstall any Mcafee product managed by your ePO inside or outside the organization, but for those machine which are behind NAT then it is important to do it with a “Client task assignment” instead of a "Run client task now" as that involves a Wake up call and wake up calls do not work behind NAT system