I hope you can make use of an agent wake-up client task for this.
KMC has the right idea: create 1 or 2 agent wake-up client tasks - 1) every 15 minutes, collect properties that have changed since the last agent-server communication, and perhaps 2) one at system startup.
"framework agent gets corrupt": you may consider toggling on the debug logs for the Agent: McAfee Corporate KB - How to enable debug logging and collect an event trace log for McAfee Agent 5.x for Windows KB8217…
Are you able to leverage the "Access Protection Policies", specifically the ones geared toward protecting VSE and the Agent from modification?
This needs to be done in a few steps.
0. Create a simple tag named something like "inactive agents" in the Tag Catalog.
1. Create a query where you will define what you consider "inactive" agents. For example, create a query to detect agents that did NOT check in with ePO in the last 14 days. Basically, define your threshold here. Apply the tag created earlier.
2. Create a client task targeting systems with the specific tag created in step 0 to deploy agents again, assuming you have administrative rights on those systems.
You can tag systems and attempt to force a wake-up call, or use a Client Task to install the Agent, but both of those rely on the Agent working correctly, meaning that this, frankly, probably won't work.
For my instance, I purge all systems that haven't had a successful Agent check-in in the past 30 days. Then, I run an AD sync every four hours. Any system not in ePO gets added to ePO and it runs an Agent Deployment task to push a new Agent.
Sometimes it still doesn't work; the package is unable to uninstall the old Agent framework, but it works much of the time.