If you ever decide to turn off Endpoint Protection for a System Center Configuration 2012 site, modifying the site policy to stop installing the Endpoint Protection client will not automatically uninstall the existing clients.

To remove the client completely, you need to uninstall it manually. There’s a quick command-line you can use to incorporate into a package that can then be distributed to existing clients. To create the proper uninstall command you need to utilize two command-line switches:

/u = uninstall

/s = client

So the actual command for your Configuration Manager package would be:

C:\Windows\ccmsetup\scepinstall.exe /u /s

You could also use group policy script to uninstall forefront.