Views:

Manual Endpoint Removal

Manually Remove from Endpoint Inventory Poseidon-mode Console

In Endpoint Inventory console, endpoints of any status, including those with status "XDR sensor enabled" or "Action Required", are all allowed to be removed.

On Endpoint Inventory, select the endpoints you would like to remove, similar to how you would enable them. After selecting endpoints, a Remove button should be shown.

^{Click the image to enlarge.}
By clicking the Remove button, a pop-up window will be shown, where you can confirm the endpoints to remove. Click Remove Now to remove the endpoints.

^{Click the image to enlarge.}

Manually Remove from Endpoint Inventory Foundation-mode Console

In the Endpoint Inventory Foundation-mode Console, follow these steps to remove endpoints:

On Endpoint Inventory, select the endpoints that you want to remove.

^{Click the image to enlarge.}
Click Remove Endpoint. A popup will appear, displaying the list of endpoints you've selected for removal, along with important details you should note.
After clicking Remove Now on the popup, it will take approximately 15 minutes for the endpoints to be removed.

An audit log Remove Agent will be created after the agents are removed. You can go to the Trend Vision One console > Administration > Audit Logs, to see this kind of audit logs:

^{Click the image to enlarge.}

You can follow the same steps to remove endpoints from the search result.

Auto Inactive Endpoint Removal

Endpoint Inventory Poseidon-mode Console

Click on the Settings icon to open the panel, and then you will see the settings for "Agent Removal".
By default, the "Agent Removal" settings are disabled.

^{Click the image to enlarge.}
- Inactive agent removal: This removes inactive agents, including persistent virtual desktop agents.
- Inactive non-persistent virtual desktop agent removal: This only removes the "non-persistent" virtual desktop agents using a different setting of inactive days.

Trend Vision One Endpoint Security Foundation-mode Console

To configure auto-removal settings specifically for sensor-only endpoints, click the Settings icon to open the settings panel. By default, the options under Global Settings for Inactive Endpoint Removal Settings are disabled.
There are two checkboxes available for Agent Removal:

^{Click the image to enlarge.}

Automatically remove inactive Trend Vision One Endpoint Security endpoints: This setting is designed to remove inactive agents, including persistent virtual desktop agents. Note that "non-persistent" virtual desktop agents will not be removed with this setting. You can use the next setting for that purpose.
Automatically remove inactive non-persistent virtual desktop Trend Vision One Endpoint Security endpoints: This setting is specifically to remove "non-persistent" virtual desktop agents, based on the number of inactive days specified.

^{Click the image to enlarge.}

Backend system starts the removal process at 00:00 local time for all companies in that region, and companies are processed one by one in sequence. For example: company A at 00:00:01, company B at 00:00:02.... It means that the removal process for company N may be executed at 01:00:00. The finish time for the removal process depends on the number of companies.

The process of removal daily begins at 00:00 according to the Trend Vision One data center region.

Region	Removal Time
US	00:00 EST(UTC-5)
EU	00:00 CET(UTC+1)
JP	00:00 JST(UTC+9)
SG	00:00 CST(UTC+8)
AU	00:00 AEST(UTC+10)
IN	00:00 IST(UTC+5:30)
ADDA	00:00 GST(UTC+4)

An audit log Remove Agent will be created after the backend server removes agents, you can go to the Trend Vision One console > Administration > Audit Logs, to see this kind of audit logs:

^{Click the image to enlarge.}

Frequently Asked Questions (FAQs)

Will the removal of endpoints also remove Endpoint Basecamp?
No, it only removes the visibility from the Endpoint Inventory console and Trend Vision One components, including Endpoint Sensor, from the endpoint side. It does not uninstall the existing Endpoint Basecamp program and the Windows/Mac/Linux Endpoint Basecamp will continue to run.

The Endpoint Basecamp can be removed with an official uninstaller which can be requested by issuing a case through Trend Micro Technical Support.
Is it possible to manage a removed endpoint again?

After Vision One Endpoint Reconnection Release
Endpoints removed after 2024/03/25 will automatically reconnect to the original company upon boot-up. This means that once removed, as long as the endpoint is online, it will automatically revert to a manageable state without requiring reinstallation of the Agent Installer. For permanent removal after 2024/03/25, please use the XBC uninstaller.

Endpoint removed before 2024/03/25

Yes, a removed endpoint can be shown up on Endpoint Inventory console again by reinstalling the agent installer which is available from the Endpoint Inventory console.

For the following endpoints, there is no need to uninstall Endpoint Basecamp first. Reinstall the agent installer at the endpoint, and then the removed endpoints will be shown on the console.
- Windows endpoints
- Mac endpoints with installed Endpoint Basecamp version is 1.2.232 or higher
- Linux endpoints with installed Endpoint Basecamp version is 872 or higher
For Mac/Linux endpoints with lower versions, the user has to request Trend Micro Technical Support for the Mac/Linux Endpoint Basecamp uninstallation tool first.

After obtaining the uninstallation tool, execute the uninstallation tool at the endpoint and then reinstall and rerun the Endpoint Inventory Agent Installer.
- If the Trend Vision One site has been migrated before for Mac/Linux endpoints, no matter which version, please uninstall Endpoint Basecamp and then reinstall the agent installer that was downloaded from the new site.
- For Windows endpoints, re-running the original EndpointBasecamp.exe in the local Program Files folder would not make this endpoint be managed again. Only re-installing the Agent Installer on the endpoint will work.
  
  ^{Click the image to enlarge.}
How does Auto Inactive Endpoint Removal work?
The removal process includes two parts:
- Server-side:
  The Endpoint Inventory server has a daily scheduled process to check if there are inactive Trend Vision One agents to remove. If there are inactive agents that meet the removal criteria, these inactive agents' records are automatically removed from the Endpoint Inventory database, and these agents will not show on the Endpoint Inventory 2.0 console once removed. An audit log will be created for the removal, you can go to Vision One console > Administration > Audit Logs, click Account tab, and filter it by Category: "Endpoint Inventory" to see this kind of audit logs, like:
  
  ^{Click the image to enlarge.}
  
  Meanwhile, the backend server creates and queues these agents' uninstall commands for removing related Trend Vision One components running on the machines. These commands will be retrieved and executed by Basecamp on those devices.
- Endpoint-side:
  After the removal, if an inactive machine goes online and connects to the server, Basecamp will retrieve and execute the uninstall command from the server and remove the related Trend Vision One components, including endpoint sensor modules, from the machine. Eventually, only the Basecamp process is left running on the device.
Will the Removal affect agents of Trend Cloud One™ - Workload Security or Trend Micro Apex One™?
- Endpoint removed before 2025/02/24
  No, removing Trend Vision One agents would not affect Cloud One - Workload Security or Apex One agents.
  
  On the other side, "Apex One" inactive agent cleanup is a different product and function from the Trend Vision One inactive agent removal, and they have different behaviors. Apex One agent's cleanup would not affect/remove Trend Vision One agents.
- Endpoint removed after 2025/02/24
  Yes, the removal will also affect the Cloud One - Workload Security or Apex One agents.
- Server & Workload Protection endpoints
  Previously, the inactivate agent removal setting made by customers on the Cloud One console will be grayed out and invalidated. Customers will need to make the relevant settings on the Trend Vision One console. In addition, any previously set Inactivate Agent Clean Override will also be invalidated. Inactivate endpoints will be removed based on the Trend Vision One console settings at the specified time.
- Standard Endpoint Protection
  In February, the inactive agent setting in the SEP console will not be grayed out until SEP's March maintenance release. This means that if a user goes to the SEP reskin console during this time and saves the inactive agent removal as enabled, both the Trend Vision One and SEP agent removal mechanisms will take effect on the endpoint.
  
  With the release of the Trend Vision One inactive agent removal, because there is no SEP maintenance in February, the grayed out UI will not be applied to SEP. As a result, if a user enables the Apex One inactive agent removal during this time, both Trend Vision One and Apex One setting will apply to the endpoints.
  
  For the India site, the UI gray out will not happen until the April release due to the N-1 approach. This means that there will be a two-month period where the inactive agent removal UI will remain enabled.
When to refund seat count or credit after an agent is removed?
- If the agent is removed by the process of Auto Inactive Endpoint Removal
  - for Trend Vision One account which is credit based, the credit will be refunded in 2 hours.
  - for Trend Vision One account which is seat count based, the occupied seat count will be released immediately.
- If the agent is removed by Manual Endpoint Removal
  - No matter credit based or seat count based it will be refunded immediately.

Keywords: inactive endpoints removal,inactive agents removal,vision one taking out inactive endpoints,duplicate endpoints,remove endpoints,Endpoint Inventory Console,remove from search,status,tab,location,console location,how to remove endpoint,remove inactive endp

Removing endpoints from the Endpoint Inventory 2.0 and Trend Vision One™ Endpoint Security console

Product / Version includes:

Trend Vision OneAll

Last updated: 2025/01/24

Solution ID: KA-0012152

Category: Configure

Summary

This article illustrates how endpoints with any status can manually be removed from the Endpoint Inventory console.
Currently, there are two kinds of Endpoint Inventory console:

The Endpoint Inventory is for Trend Vision One Endpoint Security Operations. It is also called the Endpoint Inventory Poseidon-mode console.
The Endpoint Inventory is for Trend Vision One Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection). It's also called the Endpoint Inventory Foundation-mode console

Both kinds of Endpoint Inventory App have two methods for users to remove endpoints:

Manual endpoint removal: users can manually select endpoints to remove.
Auto endpoint removal:
- For Endpoint Inventory Poseidon-mode console, users have the option to enable Inactive Agent Removal in Settings and then inactive endpoints will be automatically checked once a day and then removed. There are two checkboxes for the Agent Removal:
  - Inactive agent removal
  - Inactive non-persistent virtual desktop agent removal
- For Endpoint Inventory Foundation-mode console, users have the option to enable Inactive Endpoint Removal Settings within the Global settings panel. When this feature is enabled, inactive endpoints are automatically scanned once a day and removed based on the specified criteria. Below are the two checkboxes available for customers to tailor this automated removal:
  - Automatically remove inactive Endpoint Sensor endpoints: When this checkbox is selected, the system will automatically remove inactive sensor-only endpoints during its daily scan.
  - Automatically remove inactive non-persistent virtual desktop Endpoint Sensor endpoints: When enabled, the system will automatically remove inactive non-persistent virtual desktop sensor-only endpoints during the daily scan.

Starting February 24, 2025, the Trend Vision One console will support the removal of Standard Endpoint Protection and Server & Workload Protection endpoints in addition to sensor-only endpoints, which are currently the only endpoints that can manually or automatically be removed in the Endpoint Inventory Foundation-mode console.

EXPAND ALL

Manual Endpoint Removal

Manually Remove from Endpoint Inventory Poseidon-mode Console

In Endpoint Inventory console, endpoints of any status, including those with status "XDR sensor enabled" or "Action Required", are all allowed to be removed.

On Endpoint Inventory, select the endpoints you would like to remove, similar to how you would enable them. After selecting endpoints, a Remove button should be shown.

^{Click the image to enlarge.}
By clicking the Remove button, a pop-up window will be shown, where you can confirm the endpoints to remove. Click Remove Now to remove the endpoints.

^{Click the image to enlarge.}

Manually Remove from Endpoint Inventory Foundation-mode Console

In the Endpoint Inventory Foundation-mode Console, follow these steps to remove endpoints:

On Endpoint Inventory, select the endpoints that you want to remove.

^{Click the image to enlarge.}
Click Remove Endpoint. A popup will appear, displaying the list of endpoints you've selected for removal, along with important details you should note.
After clicking Remove Now on the popup, it will take approximately 15 minutes for the endpoints to be removed.

An audit log Remove Agent will be created after the agents are removed. You can go to the Trend Vision One console > Administration > Audit Logs, to see this kind of audit logs:

^{Click the image to enlarge.}

You can follow the same steps to remove endpoints from the search result.

Auto Inactive Endpoint Removal

Endpoint Inventory Poseidon-mode Console

Click on the Settings icon to open the panel, and then you will see the settings for "Agent Removal".
By default, the "Agent Removal" settings are disabled.

^{Click the image to enlarge.}
- Inactive agent removal: This removes inactive agents, including persistent virtual desktop agents.
- Inactive non-persistent virtual desktop agent removal: This only removes the "non-persistent" virtual desktop agents using a different setting of inactive days.

Trend Vision One Endpoint Security Foundation-mode Console

^{Click the image to enlarge.}

Automatically remove inactive Trend Vision One Endpoint Security endpoints: This setting is designed to remove inactive agents, including persistent virtual desktop agents. Note that "non-persistent" virtual desktop agents will not be removed with this setting. You can use the next setting for that purpose.
Automatically remove inactive non-persistent virtual desktop Trend Vision One Endpoint Security endpoints: This setting is specifically to remove "non-persistent" virtual desktop agents, based on the number of inactive days specified.

^{Click the image to enlarge.}

The process of removal daily begins at 00:00 according to the Trend Vision One data center region.

Region	Removal Time
US	00:00 EST(UTC-5)
EU	00:00 CET(UTC+1)
JP	00:00 JST(UTC+9)
SG	00:00 CST(UTC+8)
AU	00:00 AEST(UTC+10)
IN	00:00 IST(UTC+5:30)
ADDA	00:00 GST(UTC+4)

^{Click the image to enlarge.}

Frequently Asked Questions (FAQs)

Will the removal of endpoints also remove Endpoint Basecamp?
No, it only removes the visibility from the Endpoint Inventory console and Trend Vision One components, including Endpoint Sensor, from the endpoint side. It does not uninstall the existing Endpoint Basecamp program and the Windows/Mac/Linux Endpoint Basecamp will continue to run.

The Endpoint Basecamp can be removed with an official uninstaller which can be requested by issuing a case through Trend Micro Technical Support.
Is it possible to manage a removed endpoint again?

After Vision One Endpoint Reconnection Release
Endpoints removed after 2024/03/25 will automatically reconnect to the original company upon boot-up. This means that once removed, as long as the endpoint is online, it will automatically revert to a manageable state without requiring reinstallation of the Agent Installer. For permanent removal after 2024/03/25, please use the XBC uninstaller.

Endpoint removed before 2024/03/25

Yes, a removed endpoint can be shown up on Endpoint Inventory console again by reinstalling the agent installer which is available from the Endpoint Inventory console.

For the following endpoints, there is no need to uninstall Endpoint Basecamp first. Reinstall the agent installer at the endpoint, and then the removed endpoints will be shown on the console.
- Windows endpoints
- Mac endpoints with installed Endpoint Basecamp version is 1.2.232 or higher
- Linux endpoints with installed Endpoint Basecamp version is 872 or higher
For Mac/Linux endpoints with lower versions, the user has to request Trend Micro Technical Support for the Mac/Linux Endpoint Basecamp uninstallation tool first.

After obtaining the uninstallation tool, execute the uninstallation tool at the endpoint and then reinstall and rerun the Endpoint Inventory Agent Installer.
- If the Trend Vision One site has been migrated before for Mac/Linux endpoints, no matter which version, please uninstall Endpoint Basecamp and then reinstall the agent installer that was downloaded from the new site.
- For Windows endpoints, re-running the original EndpointBasecamp.exe in the local Program Files folder would not make this endpoint be managed again. Only re-installing the Agent Installer on the endpoint will work.
  
  ^{Click the image to enlarge.}
How does Auto Inactive Endpoint Removal work?
The removal process includes two parts:
- Server-side:
  The Endpoint Inventory server has a daily scheduled process to check if there are inactive Trend Vision One agents to remove. If there are inactive agents that meet the removal criteria, these inactive agents' records are automatically removed from the Endpoint Inventory database, and these agents will not show on the Endpoint Inventory 2.0 console once removed. An audit log will be created for the removal, you can go to Vision One console > Administration > Audit Logs, click Account tab, and filter it by Category: "Endpoint Inventory" to see this kind of audit logs, like:
  
  ^{Click the image to enlarge.}
  
  Meanwhile, the backend server creates and queues these agents' uninstall commands for removing related Trend Vision One components running on the machines. These commands will be retrieved and executed by Basecamp on those devices.
- Endpoint-side:
  After the removal, if an inactive machine goes online and connects to the server, Basecamp will retrieve and execute the uninstall command from the server and remove the related Trend Vision One components, including endpoint sensor modules, from the machine. Eventually, only the Basecamp process is left running on the device.
Will the Removal affect agents of Trend Cloud One™ - Workload Security or Trend Micro Apex One™?
- Endpoint removed before 2025/02/24
  No, removing Trend Vision One agents would not affect Cloud One - Workload Security or Apex One agents.
  
  On the other side, "Apex One" inactive agent cleanup is a different product and function from the Trend Vision One inactive agent removal, and they have different behaviors. Apex One agent's cleanup would not affect/remove Trend Vision One agents.
- Endpoint removed after 2025/02/24
  Yes, the removal will also affect the Cloud One - Workload Security or Apex One agents.
- Server & Workload Protection endpoints
  Previously, the inactivate agent removal setting made by customers on the Cloud One console will be grayed out and invalidated. Customers will need to make the relevant settings on the Trend Vision One console. In addition, any previously set Inactivate Agent Clean Override will also be invalidated. Inactivate endpoints will be removed based on the Trend Vision One console settings at the specified time.
- Standard Endpoint Protection
  In February, the inactive agent setting in the SEP console will not be grayed out until SEP's March maintenance release. This means that if a user goes to the SEP reskin console during this time and saves the inactive agent removal as enabled, both the Trend Vision One and SEP agent removal mechanisms will take effect on the endpoint.
  
  With the release of the Trend Vision One inactive agent removal, because there is no SEP maintenance in February, the grayed out UI will not be applied to SEP. As a result, if a user enables the Apex One inactive agent removal during this time, both Trend Vision One and Apex One setting will apply to the endpoints.
  
  For the India site, the UI gray out will not happen until the April release due to the N-1 approach. This means that there will be a two-month period where the inactive agent removal UI will remain enabled.
When to refund seat count or credit after an agent is removed?
- If the agent is removed by the process of Auto Inactive Endpoint Removal
  - for Trend Vision One account which is credit based, the credit will be refunded in 2 hours.
  - for Trend Vision One account which is seat count based, the occupied seat count will be released immediately.
- If the agent is removed by Manual Endpoint Removal
  - No matter credit based or seat count based it will be refunded immediately.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Removing endpoints from the Endpoint Inventory 2.0 and Trend Vision One™ Endpoint Security console

Manual Endpoint Removal

Manually Remove from Endpoint Inventory Poseidon-mode Console

Manually Remove from Endpoint Inventory Foundation-mode Console

Auto Inactive Endpoint Removal

Frequently Asked Questions (FAQs)

Removing endpoints from the Endpoint Inventory 2.0 and Trend Vision One™ Endpoint Security console

Product / Version includes:

Summary

Manual Endpoint Removal

Manually Remove from Endpoint Inventory Poseidon-mode Console

Manually Remove from Endpoint Inventory Foundation-mode Console

Auto Inactive Endpoint Removal

Frequently Asked Questions (FAQs)