Just to note. These may or may not resolve the issue, but seem related from your information.
KB71456 - Windows 7 SP1 installation fails when McAfee Host Intrusion Prevention 8.0 "Startup IPS Protection" option is enabled
KB54778 - How to apply Microsoft Windows Operating System patches when Host Intrusion Prevention 8.0 / 7.0 client is enabled in protect mode
1. Disable the Startup IPS Protection option (if you have it enabled) before applying patches and rebooting.
2. Check for any signature violations related to the Buffer Overflow engine.
Good points, Kary - we don't have startup IPS protection enabled at this time. Also, I checked the KB, but our issue is that we see no events/threats detected in the HIPS log at all.
On the advise of a senior security engineer and McAfee traininer, i disabled the Buffer Overflow engine (in the advanced UI settings) in the internal server environment. We still have protection with VirusScan BO. It seems to have quelled this issue. Seems like the problem is in that engine.
Have you seen this issue resolved? I am planning a HIPS 8 migration soon and this is something I would like to address in the build phase, prior to full production deployment.
Thank you in advance!
I haven't seen a resolution so far, but I'm hopeful that patch 2 will offer some fixes. I'd test with that patch due out later this month I believe.