Showing results for 
Search instead for 
Did you mean: 

Auto Endpoint Removal


Can I create a task that will remove endpoints that are not communicating for a long period of time in ePO, let say 2 months for example.

3 Replies
McAfee Employee jappell
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Auto Endpoint Removal

Thank you for your question. This comes up by customers and students alike in my classroom. Everyone's business needs a process for the proper removal of assets (your systems). This means that removing ANY system from your ePolicy Orchestrator systems tree needs careful consideration. If you are running a server task that removes systems automatically (30,60,90 or greater days) you then need to determine what you have installed for products. You then determine data retention for your company (business). If you don't know, you don't delete, period! Instead of removing, you can tag them as (over 30,90 etc). Now if any C level wants to have a conversation with you regarding an asset that has been stolen, vandalized or victimized in some way you can have a conversation on what you last knew. If you had drive encryption on the asset that is missing, you can have a conversation regarding what you last knew and potentially satisfy safe harbor regulations. Unless you are Tennessee: No Safe Harbor: Tennessee eliminates encryption safe harbor

Where was I, oh yes if you have DLPE you have other things to consider. Keep what you have in ePO and ONLY decommission when you can stand by the asset removal and\or process. I have seen way to many administrators remove a device and then be unable to have a discussion with a high level executive. Especially in light that you are supposed to be managing these devices. And as for the asset coming back if someone turns it on? It isn't coming back if it's stolen! And all McAfee Agents work all the time too, right?

So there is my three cents. This experience was gathered since ePO beta back in the late 90's and many millions of systems manhandled by administrators false notion that things will occur when they absolutely might not.

That help?


Re: Auto Endpoint Removal

Hi Jay,

Thank you very much for your insight, I will consider your advise, your absolutely right on having a proper process for removal of assets. I will just stick to the current setup and wait until we have a solid agreement on how the assets will be remove.

McAfee Employee moekhass
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Auto Endpoint Removal

​, in addition to tagging, you can also "move" these systems in a specific folders. if you have queries or reports, they will be more accurate since they won't contain orphaned systems.

to answer your question though, yes it can be easily done. start with a query and locate those systems. then create a server task that will remove resulting systems.

step 1. query to locate systems that meet your non-communication requirement

step 2. use the subaction to delete OR move to a specific folder.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community