We're in the process of implementing HIPS high signatures on a large group of servers. ePO version 4.0, patch 6, HIPS agent version 126.96.36.1990.
We first did a testing phase on about 50 servers, including domain controllers and had no issues at all; no reboots needed, no downtime at all. HIPS was first configured in logging mode, and HIPS agents were deployed.
So, based on the success of the intial testing, we did a large deployment of HIPS agent to about 500 new servers via a client task from the ePO server, and it appeared that all hell broke loose. The DNS server service and client resolver hung on numerous domain controllers, which killed URL resolution, all mail stopped, etc, all the ugly stuff that happens when DNS stops working.
I've been told that deploying the HIPS agent can cause a drop in network connectivity while the HIPS agent attaches itself to the NIC. Ok, if that's true why didn't we have the same issue on the first 50 servers we did, and why only on domain controllers, but not other servers, when it did happen in the larger test?