A live jump client can be removed from the appliance and remotely uninstalled from the access console. But if the endpoint is not currently online, it only removes it from the appliance. This leaves the jump client still installed on the endpoint. We have been told by our support representative that such an 'orphan' jump client will remain on the endpoint for 180 days and then uninstall itself. This is a potential security issue- we want a clean uninstall.
I propose that when an orphan jump client makes contact with the appliance, the appliance should at that time see that the client is invalid (has been removed) and then respond to the jump client with an immediate uninstall command.
It may be possible that some error during the uninstall could have prevented this from happening, but the current expected behavior is that the Jump Client would uninstall when it comes back online.