Forum Discussion
Uninstalling mcafee Trellix agent from Windows Pc's
Hello,
We are currently deploying Microsoft Defender for Endpoint Plan 2 to a client who had Trellix Security formely Mcafee and we are experiencing issues with the uninstallation of the Mcafee agent so that Defender is turned to Active Mode. Has anyone experienced the same and what solution do you recommend?
- rahuljindal-MVPBronze ContributorI am just coming off a fresh deployment. What is the error or the issue you are facing?
- Njuguna_MuriithiCopper ContributorThe main issue is removing the Trellix agent from the devices currently it is possible to remove the agent and other Trellix products through a McAfee-developed tool "Endpoint Product Removal Tool", but this tool expires quarterly and the tool available now has already expired. We tried using Intune to push a win32 app but that only proved effective in removing McAfee consumer products but not enterprise-grade products that come with agent installation. The machines are domain joined does anyone know a possible way to remove the agents via group policies.
- rahuljindal-MVPBronze ContributorWhy not use EPO for the removal tasks?
- DylanInfosecBrass Contributor
Hey!
I would make sure there’s no GPO that was pushed out to turn Defender off when McAfee was used. Run a “gpresult /r” and see what you find.
Or check via gpedit.msc. Go to
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus. Double-click on “Turn off Microsoft Defender Antivirus.I also recommend reading Defender AV compatibility with non-Microsoft AV here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide#microsoft-defender-antivirus-and-non-microsoft-antivirusantimalware-solutions
It was a while ago when I ran into this same issue, similar setup but can you give us a list of what you’ve tried and checked? Maybe we can narrow it down.
Let us know what you find there.
Best,
Dylan