Showing results for 
Search instead for 
Did you mean: 

Removal of Decommissioned agents from EPO

Identify agents which are down over a period of time and delete the systems in EPO which are decommissioned.


Is there any command in McAfee EPO


epo-command or something else

3 Replies
Reliable Contributor DocB
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Removal of Decommissioned agents from EPO


Search for Agents which haven't communicated within the time period you specifiy, select them, choose directory and delete.



Re: Removal of Decommissioned agents from EPO

From my experience of managing devices in EPO,

You could:

[Report on the devices in EPO]
Go to the System Tree, Choose 'My Organisation', Choose the 'Systems' tab (if not already the default),, Change the preset to 'This group and all subgroups', choose 'Custom' and click on 'Add'.

Look under the 'managed system' tab on the left-hand side and click on 'Last Communication' then use the comparison to set 'Is not within x days/weeks/months etc..' and click on 'Update Filter' to see all of your results

[AD Reporting]

If you use PowerShell (and have a single domain controller) you should be able to report the last logon time of each computer. You could then include the script to move machines that last communicated outside of x time period into the 'Disabled Computer Objects' OU. 

From there, you can use Mcafee (Depending on your version, I'm unsure how far this feature goes back). Create a new 'subgroup', choose 'Group Details' on the right-hand side and set up a synchronization type to AD (to the specific Disabled computer objects ou). That way you can identify devices that have been removed from your network rather than EPO. 


CONS of using EPO to manage inactive devices: They will appear as 'inactive' whether they're off the network or there's a problem with the agent. I wouldn't solely base the inactivity of the device just because it hasn't communicated with the EPO server. 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Removal of Decommissioned agents from EPO

There is a default server task in epo - inactive agent cleanup task, that will delete systems that have not communicated in 45 days or more.  You can change that inactive period under server settings, detected system compliance, inactive period.  If you make sure not to choose to remove agent when it deletes the systems, then if they come back online at a later date, they will check back into epo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.