Hi, you can stop the "DefaultAppPool" in the IIS settings.
This should solve your problem.
I still have not tried your suggestion...
reply from McAfee support:
"...I checked that DefaultAppPool should not be stopped...."
"....delete iisstart.htm or remove it from the list of acceptable default Web pages in the Default Website. Also it is related to IIS and beyond the scope of our product ..."
I had already renamed iisstart.htm and it displays a 404 access denied; however from a hackers' point of view they still will know that a webserver is running on that IP/name. Furthermore after renaming the iisstart.htm file log files of over 4Gb in size have been created on W3SVC1 folder.
Well you need https available from the outside for everything to work properly so you can't disable that but as for blocking the insecure http page, is it not acceptable to leave everything at the defaults and block port 80 on the firewall from the internet and internal zones?