McAfee Cleanup with Intune

When running Intune Autopilot, your devices sometimes come with lots of “bloatware”. Apps that you do not want or use in your business environment. Some may be ok, but others you just want to get rid of. For example McAfee products that are preinstalled as endpoint protection, and you want to use your company licensed Microsoft Defender for Endpoint.

I did just this on a customer this week. I started by reading McAfee KB How to remove McAfee products from a PC that runs Windows. This KB inform how to run McAfee Consumer Product Removal Tool to compleatly remove all McAfee Consumer Products. That´s exactly what I needed to do, but in a silent and Intune friendly way. So I managed to get rid of all McAfee products from a bunch of machines using these steps:

  1. Download McAfee Consumer Product Removal Tool
  2. Start the downloaded MCPR.exe and then Hold it open
  3. While this dialog is open, navigate to the unpacked source files in:
    %localappdata%\temp
  1. Copy the folder MCPR to a suitable place for packageing, for example c:\temp\McAfeeRemover
  2. Close the still open McAfee Software Removal tool by clicking cancel
  3. Create a Powershell script in the folder above, for example c:\temp\McAfeeRemover\McAfeeRemover.ps1
    Script updated after feedback from Herman Moeseyenkov, thanks!
# Run the cleanup tool
$program= ".\McCleanup.exe"
$programArg= "-p StopServices,MFSY,PEF,MXD,CSP,Sustainability,MOCP,MFP,APPSTATS,Auth,EMproxy,FWdiver,HW,MAS,MAT,MBK,MCPR,McProxy,McSvcHost,VUL,MHN,MNA,MOBK,MPFP,MPFPCU,MPS,SHRED,MPSCU,MQC,MQCCU,MSAD,MSHR,MSK,MSKCU,MWL,NMC,RedirSvc,VS,REMEDIATION,MSC,YAP,TRUEKEY,LAM,PCB,Symlink,SafeConnect,MGS,WMIRemover,RESIDUE -v -s"
$process = Start-Process $program -ArgumentList $ProgramArg -passthru -Wait -NoNewWindow

# Remove the Store apps from McAfee
$RemoveApp = 'Mcafee'
Get-AppxPackage -AllUsers | Where-Object {$_.Name -Match $RemoveApp} | Remove-AppxPackage
Get-AppxPackage | Where-Object {$_.Name -Match $RemoveApp} | Remove-AppxPackage
Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -Match $RemoveApp} | Remove-AppxProvisionedPackage -Online

The first part will run the McCleanup.exe in a silent way with lots of arguments to remove it all.
The second part will also remove the new Microsoft Store Apps from McAfee.

  1. Create an IntuneWin package with the Microsoft Win32 Content Prep Tool
.\IntuneWinAppUtil.exe -c "c:\temp\McAfeeRemover" -s "McAfeeRemover.ps1" -o "c:\temp" -q
  1. Add your new package to Intune as an Windows app (Win32)
  2. Name the app and enter a Publisher
  1. Make the script bypass execution policy and run as system. The uninstaller has no effect so it can be the same as the installer.
  1. On the detection, it is important to add an additional requirement. McAfee tends to collect their reg values in this key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee. And the same key is removed if the McAfee Consumer Product Removal Tool has been successful. So we need to detect if it exists!
  1. And when it comes to detection, it is the other way around. The key should not exist.

Thats about it! just deploy it to your computers and McAfee will be cleaned up!

About The Author

Mr T-Bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Most Valuable Professional (MVP) on Enterprise Mobility. Certified in most Microsoft technologies and over 23 years as Microsoft Certified Trainer (MCT)

You may also like...