- Clear all the client rules from the HIPS client (using the DO NOT RETAIN EXISTING CLIENT RULES option or manual deletion). Seems you did this step already.
- Ensure client is running McAfee Agent ClientUI policy with "" enabled.
- Perform full Agent Wakeup call with Get Full Props selected.
- After ASCI, check the ePO Node Properties. Under HIPS, you should see Local exception rule count set to 0 and no Client firewall rules XXX_XXX entries.
- Run the HIPS Property Translator task. The associated client rules, that did exist in the ePO Node properties (and ePO tables) should now match the HIPS Client Rules menu (and HIPS tables) showing client rules removed.
There is no way to manually delete them from ePO. You must clean out the client data and update the ePO node properties, and use the HIPS Property Translator task to add/delete from the Client Rules menu. The client rules must be cleared in this order.
Client -> ePO Node properties -> HIPS Property Translator task -> HIPS client rules menu & tables
Can you tell me how to get into the ePO Node Properties?
In the ePO Console, click on the System Tree. Under any groups, find the System Name (i.e., ePO Node) and click on the node. This will take you to the system properties of that machine, which gives you all the details of what products are installed, versions, etc. Click on the Products tab and then the Host Intrusion Prevention product to see the product properties of that system.