Uninstalling mcafee Trellix agent from Windows Pc's

Copper Contributor

Hello,

 

We are currently deploying Microsoft Defender for Endpoint Plan 2 to a client who had Trellix Security formely Mcafee and we are experiencing issues with the uninstallation of the Mcafee agent so that Defender is turned to Active Mode. Has anyone experienced the same and what solution do you recommend?

7 Replies
I am just coming off a fresh deployment. What is the error or the issue you are facing?

Hey!

I would make sure there’s no GPO that was pushed out to turn Defender off when McAfee was used. Run a “gpresult /r” and see what you find.

Or check via gpedit.msc. Go to
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus. Double-click on “Turn off Microsoft Defender Antivirus.

 

I also recommend reading Defender AV compatibility with non-Microsoft AV here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivi...

 

It was a while ago when I ran into this same issue, similar setup but can you give us a list of what you’ve tried and checked? Maybe we can narrow it down.

Let us know what you find there.

Best,
Dylan

The main issue is removing the Trellix agent from the devices currently it is possible to remove the agent and other Trellix products through a McAfee-developed tool "Endpoint Product Removal Tool", but this tool expires quarterly and the tool available now has already expired. We tried using Intune to push a win32 app but that only proved effective in removing McAfee consumer products but not enterprise-grade products that come with agent installation. The machines are domain joined does anyone know a possible way to remove the agents via group policies.
Why not use EPO for the removal tasks?
Ahh I see. As Rahul mentioned why not use EPO to uninstall.

If that’s longer an option then an email to the former account manager of the Trellix contract for a new uninstall tool would be your best next bet. Might take them a bit but if the agent had tamper protect on or an uninstall password set it’s your only option.

These tools have a removal prevention mechanism for a reason and if they don’t work then why are we buying them 😁

- Dylan

Uninstall the Agent First:
Although it's typically recommended to uninstall the agent last, you should start by attempting to uninstall the Trellix/McAfee agent first.
Go to Control Panel > Programs and Features and find the Trellis agent.
Right-click and select Uninstall.
Follow the prompts to complete the uninstallation process.

 

Reboot the System:
After uninstalling the agent, reboot the system. This step ensures that any remaining components tied to the agent are properly cleared.

 

Uninstall Other Trellis Software:
Once the system has rebooted, proceed to uninstall any other Trellis Endpoint Protection software components from Programs and Features.
Uninstall each component one by one, followed by another reboot if necessary.

 

This approach allows you to tackle the uninstallation in a more aggressive manner, potentially avoiding complications that might arise from residual files or dependencies tied to the Trellix agent.

it says other programs are dependent on this and fails to uninstall