whitelist needs to be edited manually, so you'd have to remove the MAC addresses from your filters. As for the endpoints, you would have to remove them directly from the database and then restart the services.
That is part of the issue. We have several thousand MAC addresses in our whitelist. We are using this product to watch our network for rogue devices to attach. When we remove a device, we would like to be able to easily clean our whitelist.
I cannot find a way to monitor the "last seen" date of a whitelist entry. We want to be warned if a whitelist entry has not been seen for 30 days. Then we make a decision to delete the entry from the whitelist. What I have found is that the whitelist is only stored in one field as an XML entry in the database. So there is no way to easily tell if an endpoint is in the whitelist.
We do not want our whitelist to be full of junk. After using the product for two months, we already have 40 endpoints that are no longer on our network. With no way of deleting endpoints, or no way of seeing the last seen date of a whitelist entry, we are kinda stuck with a junk-filled whitelist.
Sounds like a good idea for a feature request.
As an aside, I'm not convinced that the whitelist feature is really that useful.
In my current environment (a University) I don't care who plugs in to the network (a BYOD environment); in a previous environment I did (PCI-DSS and serious about security), and we made use of VMPS/FreeNAC; today I'd deploy 802.11x. Unknown devices would get punted to a guest VLAN with a captive portal to identify the owner & authorize its attachment to the network (could be part of a BYOD strategy).