1. Ensure the Host IPS module is enabled via policy.
2. Ensure you have the "McAfee Default" policy assigned to HIPS 8.0 IPS Rules and Trusted Applications policy assignments, in addition to custom policies.
3. Ensure you have the Protection Policy set to HIGH: PREVENT mode.
4. In the IPS Rules policy, ensue that Signatures 1000-1003 are set to HIGH severity.
5. Ensure you don' thave any IPS exceptions for Signature 1000-1003.
With the above set, you should not be able to stop the HIPS services (LPC and Host Intrusion Prevention, specifically), regardless if you have admin rights to the system. If you have debug logging enabled, the Hipshield.log file should record Sig 1000 event violations if you try to stop the services.