Manually Disable McAfee Host Intrusion Prevention
I had an issue today where I could not wait for McAfee ePolicy Orchestrator to push out a policy to remove McAfee Host Intrusion Prevention from a particular Virtual Machine. This Virtual Machine was core to a system that was being worked on and the McAfee Host Intrusion Prevention was affecting its performance, so action needed taking quickly.
The quick workaround was to manually remove the Host Intrusion Prevention client from the virtual machine. When I attempted to do this, I was greeted with the following error.
When self-protect mode is enabled, you cannot remove Host Intrusion Prevention until you disable this mode. To disable self-protect mode, do the following.
Browse to C:\Program Files\McAfee\Host Intrusion Prevention
You will see the screen below. Once there, select Task > Unlock User Interface. You will then be prompted for a password; during the installation you will have either entered one or used the default. The default password is abcde12345
Once the password is entered correctly, remove the tick from the following options: Enable Host IPS and Enable Network IPS.
Then click Apply and these settings will take effect.
IPS is now disabled, so if required you can leave it at this; if you need to remove the IPS, you will now have permission to do so. Remember that you will have to break inheritance for this server in McAfee ePolicy, or the policy will reapply at the next policy push interval.