Moved to HIPs for better attention.
I'm having this exact same issue and I was wondering if you were able to find a fix. I'm new to HIPS and have very little experience with ePO.
The fix would be to tune HIPS; start by identifying the rule that is blocking the install to determine what to do from there. Usually the easiest way to do this is to find the machine within ePO, click Actions > Agent > Show Threat Events. From there you should be able to find the threat event from HIPS that is blocking the IE install.
After that, and here is where you will start to learn HIPS more, you are going to need to determine if you need to make an exception for the rule that is blocking it, maybe lower the severity rating of the rule, maybe create an exception for certain users, etc... there are a bunch of ways to allow the install to go through and I guess it comes down to your organization and how you guys want to do things.
Easiest fastest way, find the threat event from above, then click Actions > New Threat Exception; find the policy that is being used by those machines and apply it to that. Wake them up, and the install should work fine. Not saying this is the method you should use, but itll work.
Did you enable the IPS Options feature Startup IPS protection enabled? If so, disable it, apply the IE11 update, then reboot.
KB54778 - How to apply Microsoft Windows operating system patches when the Host Intrusion Prevention 8.0 / 7.0 client is enabled in protect mode