Yes, by setting up connection aware group (CAG) within the firewall portion of McAfee HIPS.
When a system has matched a CAG rule (that has Connection Isolation enabled), then:
1. All network traffic for the other network adapters that don't match the CAG (with isolation) will be blocked.
2. All other CAGs below the CAG (with isolation) will be ignored.
3. All firewall rules below the CAG (with isolation) will only apply to the matching-CAG (with isolation) network adapter.
thanks - I'll take a look at this.
EDIT: it certainly looks like this covers what I'm looking for - https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 20000/PD20747/en_US/18-na-cor-hipfc-001-…