This article describes how to disable the Host Intrusion Prevention client when a connection to the ePolicy Orchestrator (ePO) 4.x server is not available.
Due to agent self-protection, the Host Intrusion Prevention client cannot be uninstalled using Add or Remove programs or by manually stopping the McAfee Host Intrusion Prevention service while IPS protection is enabled.
Solution 1
If the Host Intrusion Prevention client UI default unlock password has not yet been changed, disable the Host Intrusion Prevention client manually by unlocking the Host Intrusion Prevention client UI tray:
- Click Start, Run, type explorer and then click OK.
- Navigate to: C:\Program Files\McAfee\Host Intrusion Prevention\
- Double-click McAfeeFire.exe.
- Click Task, Unlock User Interface.
- Type
the unlock code, and select Administrator Password.
NOTE: By default, the unlock code is abcde12345.”
- After the user interface is unlocked, click the IPS Policy tab.”
- Deselect Enable Host IPS and Enable Network IPS. (The Firewall Policy can be disabled on its own tab.)
- Select Task, Exit.
Solution 2
If the default unlock password has been changed, start the client in Windows Safe Mode and disable the Host Intrusion Prevention agent service.
- Start the client in Safe Mode. For details about Safe Mode, refer to Microsoft Support at: http://support.microsoft.com
- Click Start, Run, type services.msc and click OK.
- Double-click the McAfee Host Intrusion Prevention Service to open the service properties.
- Select Disabled under Startup type.
- Restart the client in Normal Mode.
- Click Start, Run, type regedit and click OK.
- Navigate to and expand the following key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall]
- Locate the GUID for the installed version of Host Intrusion Prevention.
- Run the uninstall string value to remove the client.
“
