How to disable the Host Intrusion Prevention (IDS) disable self-protect mode

This article describes how to disable the Host Intrusion Prevention client when a connection to the ePolicy Orchestrator (ePO) 4.x server is not available.
Due to agent self-protection, the Host Intrusion Prevention client cannot be uninstalled using Add or Remove programs or by manually stopping the McAfee Host Intrusion Prevention service while IPS protection is enabled.

Solution 1

If the Host Intrusion Prevention client UI default unlock password has not yet been changed, disable the Host Intrusion Prevention client manually by unlocking the Host Intrusion Prevention client UI tray:

  1. Click Start, Run, type explorer and then click OK.
  2. Navigate to: C:\Program Files\McAfee\Host Intrusion Prevention\
  3. Double-click McAfeeFire.exe.
  4. Click Task, Unlock User Interface.
  5. Type
    the unlock code, and select Administrator Password.
    NOTE: By default, the unlock code is abcde12345.”
  6. After the user interface is unlocked, click the IPS Policy tab.”
  7. Deselect Enable Host IPS and Enable Network IPS. (The Firewall Policy can be disabled on its own tab.)
  8. Select Task, Exit.

Solution 2


If the default unlock password has been changed, start the client in Windows Safe Mode and disable the Host Intrusion Prevention agent service.

  1. Start the client in Safe Mode. For details about Safe Mode, refer to Microsoft Support at: http://support.microsoft.com
  2. Click Start, Run, type services.msc and click OK.
  3. Double-click the McAfee Host Intrusion Prevention Service to open the service properties.
  4. Select Disabled under Startup type.
  5. Restart the client in Normal Mode.
  6. Click Start, Run, type regedit and click OK.
  7. Navigate to and expand the following key:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall]
  8. Locate the GUID for the installed version of Host Intrusion Prevention.
  9. Run the uninstall string value to remove the client.