I would start off with enabling all IIS signatures to a LOG or PREVENT status, applying it to a test IIS server, and retesting. There are 120 IIS related signatures, and many of are LOW or DISABLED status. Set your HIPS Protection Policy to a PREVENT status (say HIGH), then set all IIS sigantures to HIGH in a test IPS Rules policy for testing.
Also make sure you're including the McAfee Default policy for Trusted Application and IPS Rules policy assignments.
PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide
FAQ — Multiple-instance policies
Host Intrusion Prevention offers two multiple-instance policies: IPS Rules and Trusted
Applications. These policies allow the application of more than one policy concurrently on a
single client. All other policies are single-instance policies.
The McAfee Default versions of these policies are automatically updated each time Host Intrusion
Prevention security content is updated. For this reason, these policies always need to be assigned
to clients to ensure that security content updates are applied. When more than one instance is
applied, what results is a union of all the instances, called the effective policy.