Identify agents which are down over a period of time and delete the systems in EPO which are decommissioned.
Is there any command in McAfee EPO, epo-command or something else?
From my experience of managing devices in EPO:
[Report on the devices in EPO]
Go to the System Tree, choose 'My Organisation', choose the 'Systems' tab (if not already the default), change the preset to 'This group and all subgroups', choose 'Custom' and click on 'Add'.
Look under the 'managed system' tab on the left-hand side and click on 'Last Communication', then use the comparison to set 'Is not within x days/weeks/months etc.' and click on 'Update Filter' to see all of your results.
If you use PowerShell (and have a single domain controller) you should be able to report the last logon time of each computer. You could then include the script to move machines that last communicated outside of x time period into the 'Disabled Computer Objects' OU.
From there, you can use McAfee (depending on your version; I'm unsure how far back this feature goes). Create a new 'subgroup', choose 'Group Details' on the right-hand side and set up a synchronization type to AD (to the specific Disabled Computer Objects OU). That way you can identify devices that have been removed from your network rather than EPO.
CONS of using EPO to manage inactive devices: They will appear as 'inactive' whether they're off the network or there's a problem with the agent. I wouldn't solely base the inactivity of the device just because it hasn't communicated with the EPO server.
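The AD-side report and move described in the answer above could be scripted as follows. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module, a single domain controller, a 90-day threshold, and a placeholder OU distinguished name and report path.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$DaysInactive = 90,                 # assumed threshold, choose your own
    # Placeholder DN (assumption): the OU your EPO subgroup synchronizes with
    [string]$DisabledOU = 'OU=Disabled Computer Objects,DC=example,DC=com',
    [string]$ReportPath = '.\stale-computers.csv'   # assumed report location
)

$cutoff = (Get-Date).AddDays(-$DaysInactive)

# lastLogon is not replicated between domain controllers, so this value is
# only trustworthy in the single-DC setup the answer assumes.
$computers = Get-ADComputer -Filter * -Properties lastLogon, whenCreated, OperatingSystem

$stale = foreach ($c in $computers) {
    # Skip objects that already sit in the target OU
    if ($c.DistinguishedName -like "*,$DisabledOU") { continue }

    # lastLogon is a FILETIME integer; 0 or empty means the machine never logged on
    $last = if ($c.lastLogon -gt 0) { [DateTime]::FromFileTime($c.lastLogon) } else { $null }

    # A never-used account only counts as stale once the object itself is old,
    # so freshly joined machines are not swept up
    $reference = if ($last) { $last } else { $c.whenCreated }

    if ($reference -lt $cutoff) {
        [pscustomobject]@{
            Name              = $c.Name
            LastLogon         = $last
            WhenCreated       = $c.whenCreated
            OperatingSystem   = $c.OperatingSystem
            DistinguishedName = $c.DistinguishedName
        }
    }
}

# Always write the report, even during a -WhatIf dry run, so the list can be
# compared with the EPO 'Last Communication' filter before anything moves
$stale | Sort-Object LastLogon |
    Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

foreach ($s in $stale) {
    if ($PSCmdlet.ShouldProcess($s.DistinguishedName, "Move to $DisabledOU")) {
        Move-ADObject -Identity $s.DistinguishedName -TargetPath $DisabledOU
    }
}
```

Run it with `-WhatIf` first: the CSV is still produced, and each move is only printed rather than performed.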
There is a default server task in EPO, the inactive agent cleanup task, that will delete systems that have not communicated in 45 days or more. You can change that inactive period under server settings, detected system compliance, inactive period. If you make sure not to choose to remove the agent when it deletes the systems, then if they come back online at a later date, they will check back into EPO.