1. Make sure the HIPS Client UI is locked (or closed).
2. If you have set the McAfee Agent tray icon to Disable IPS, Disable Firewall, or Disable App Blocking, use the Restore Settings options.
With either of these two issues, the McAfee Agent will not enforce HIPS policies (as designed).
3. In the ePO server console, use the Modify policies on single system option and view the system's policy assignments. Verify that the Enforcement Status (option next to the Host Intrusion Prevention 7.0 product listing) is set to Enforcing.
If these do not resolve it, I would suggest contacting McAfee Support for further troubleshooting.
So it's looking more and more like a "Windows 7" problem. I went ahead and moved one of our extra servers into this group just to test it out, and it appears to pull down the firewall rules without any problems. The server I used was Windows 2008 R2. It pulled them down on the first try.
I'm wondering if it's a GPO, etc. issue on the Windows 7 box. Thoughts?
I might also add that I just tested on Windows Vista and it worked fine. Do you know if there are issues with HIPS 7 with Patch 8 and Windows 7 x64?
I upgraded to HIPS 8 and it works fine now. I couldn't get it working with 7 (no matter the patch level).