I'm not a product expert but I have moved your post to our HIPs area. Hopefully someone can help you soon.
You mentioned that the OS had been hardened. This could have some relation.
Refer to the McAfee HIP Install log located in C:\Windows\ for starters.
Can you confirm if you have VSE BUfferOverflow version 493?
Open the VSE console and then about box to get this version number.
If yes then you can try this to proceed for the install/update of HIPS through ePO.
Edit the Access protection policy for VSE from ePO
Under Common Standard Protection->Prevent Modification of McAfee Files & Folders
Under the excluded process list, add mfehidini.exe and then push out this updated policy to all clients.
Once this has been done, push out your HIPS install/Update to the clients.
That should be succesfull.
Guys ... tried you recommended solution.
It has not been successful as of today.
Sudeep......I checked the BufferOverflow version, it is 418.
Likely you need to explicitly enable the BOF DAT definitions in ePO master repository update task if you use selective pull. Otherwise by default it does not pull them (i.e when using selective updating, it is unselected).
BOF DAT version today is 499.
This could have been related to KB68719...