Uninstalling mcafee Trellix agent from Windows Pc's

Copper Contributor

Hello,

 

We are currently deploying Microsoft Defender for Endpoint Plan 2 to a client who had Trellix Security formely Mcafee and we are experiencing issues with the uninstallation of the Mcafee agent so that Defender is turned to Active Mode. Has anyone experienced the same and what solution do you recommend?

5 Replies
I am just coming off a fresh deployment. What is the error or the issue you are facing?

Hey!

I would make sure there’s no GPO that was pushed out to turn Defender off when McAfee was used. Run a “gpresult /r” and see what you find.

Or check via gpedit.msc. Go to
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus. Double-click on “Turn off Microsoft Defender Antivirus.

 

I also recommend reading Defender AV compatibility with non-Microsoft AV here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivi...

 

It was a while ago when I ran into this same issue, similar setup but can you give us a list of what you’ve tried and checked? Maybe we can narrow it down.

Let us know what you find there.

Best,
Dylan

The main issue is removing the Trellix agent from the devices currently it is possible to remove the agent and other Trellix products through a McAfee-developed tool "Endpoint Product Removal Tool", but this tool expires quarterly and the tool available now has already expired. We tried using Intune to push a win32 app but that only proved effective in removing McAfee consumer products but not enterprise-grade products that come with agent installation. The machines are domain joined does anyone know a possible way to remove the agents via group policies.
Why not use EPO for the removal tasks?
Ahh I see. As Rahul mentioned why not use EPO to uninstall.

If that’s longer an option then an email to the former account manager of the Trellix contract for a new uninstall tool would be your best next bet. Might take them a bit but if the agent had tamper protect on or an uninstall password set it’s your only option.

These tools have a removal prevention mechanism for a reason and if they don’t work then why are we buying them :beaming_face_with_smiling_eyes:

- Dylan