
Removal of Decommissioned agents from EPO

Identify agents which are down over a period of time and delete the systems in EPO which are decommissioned.


Is there any command in McAfee EPO?


epo-command or something else?


Re: Removal of Decommissioned agents from EPO


Search for Agents which haven't communicated within the time period you specify, select them, choose directory and delete.



Re: Removal of Decommissioned agents from EPO

From my experience of managing devices in EPO,

You could:

[Report on the devices in EPO]
Go to the System Tree, choose 'My Organisation', choose the 'Systems' tab (if not already the default), change the preset to 'This group and all subgroups', choose 'Custom' and click on 'Add'.

Look under the 'managed system' tab on the left-hand side and click on 'Last Communication', then use the comparison to set 'Is not within x days/weeks/months etc.' and click on 'Update Filter' to see all of your results.

[AD Reporting]

If you use PowerShell (and have a single domain controller) you should be able to report the last logon time of each computer. You could then include the script to move machines that last communicated outside of x time period into the 'Disabled Computer Objects' OU. 

From there, you can use McAfee (depending on your version, I'm unsure how far this feature goes back). Create a new 'subgroup', choose 'Group Details' on the right-hand side and set up a synchronization type to AD (to the specific Disabled Computer Objects OU). That way you can identify devices that have been removed from your network rather than EPO.


CONS of using EPO to manage inactive devices: They will appear as 'inactive' whether they're off the network or there's a problem with the agent. I wouldn't solely base the inactivity of the device just because it hasn't communicated with the EPO server. 
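The cross-check behind the caveat above, as an added example that is not part of the original posts: it compares an ePO last-communication export with an AD last-logon export, so that only systems silent in both are treated as decommission candidates. The CSV column names, host names and dates are constructed assumptions; the 45-day threshold is the default inactive period mentioned elsewhere in this thread.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample exports. Column names are assumptions, not a real ePO or AD export format.
EPO_CSV = """SystemName,LastCommunication
WS-001,2024-05-28
WS-002,2024-01-10
WS-003,2024-02-02
SRV-010,2024-03-15
"""
AD_CSV = """Name,LastLogon
WS-001,2024-05-29
WS-002,2024-01-12
WS-003,2024-05-30
"""

def _load(text, name_col, date_col):
    """Map upper-cased host name -> last-seen datetime."""
    return {row[name_col].strip().upper(): datetime.strptime(row[date_col], "%Y-%m-%d")
            for row in csv.DictReader(io.StringIO(text))}

def classify(epo_csv, ad_csv, now, max_age_days=45):
    """Sort systems that are stale in ePO into buckets, using AD as a second signal."""
    cutoff = now - timedelta(days=max_age_days)
    epo = _load(epo_csv, "SystemName", "LastCommunication")
    ad = _load(ad_csv, "Name", "LastLogon")
    result = {"decommission_candidate": [], "agent_problem": [], "not_in_ad": []}
    for host, last_comm in sorted(epo.items()):
        if last_comm >= cutoff:
            continue  # agent is still talking to the server
        if host not in ad:
            result["not_in_ad"].append(host)               # no AD object: review by hand
        elif ad[host] < cutoff:
            result["decommission_candidate"].append(host)  # silent in ePO and in AD
        else:
            result["agent_problem"].append(host)           # logging on to AD, agent silent
    return result

if __name__ == "__main__":
    for bucket, hosts in classify(EPO_CSV, AD_CSV, datetime(2024, 6, 1)).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Systems in the `agent_problem` bucket are still active on the network and need agent repair rather than deletion from the System Tree.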

McAfee Employee cdinet

Re: Removal of Decommissioned agents from EPO

There is a default server task in epo - inactive agent cleanup task, that will delete systems that have not communicated in 45 days or more. You can change that inactive period under server settings, detected system compliance, inactive period. If you make sure not to choose to remove agent when it deletes the systems, then if they come back online at a later date, they will check back into epo.
