I have had several users who have also come across this same issue. I had to create explicit rules based off what was getting blocked, like "Blocked Incoming ICMP Echo Request." The users were doing some testing in a lab environ, and they had disabled all the features through the HIPS UI but the block was still coming up in the activity log. This leads me to believe that there is still some inherent blocking going on by default, even when the IPS, Firewall, and Application Policy are all unchecked. I also had to specifically allow rules for IPv6 as well as part of another groups testing who also thought everything should be allowed once they disabled all the components of HIPS. Can anyone shed some light on anything else that may be blocked even though HIPS is disabled?
If something is getting blocked when HIP is disabled, maybe there's a problem with the NDIS. Refer to Troubleshooting the McAfee Host Intrusion Prevention 7.0 NDIS Intermediate Miniport Adapter.