O R G A N I C / F E R T I L I Z E R: moving to endpoint protection

Dec 27, 2011

moving to endpoint protection

made the switch this morning to forefront endpoint protection -- or what will be known as system center endpoint protection. most of it went okay, but there were a couple of mcafee components that made the process PAINFUL! believe it or not, the antivirus component was not it.

the removal of the host intrusion prevention system (hips) and the mcafee agent itself were both more time-consuming than required, each with its own peculiarity. :/


removing hips

attempting to remove the hips agent may produce an error about needing to "disable self-protect mode." I am shamelessly stealing this from the site kmit4u because the instructions are quite near perfect and don't need revising:

  1. Click Start, Run, type explorer and click OK.
  2. Navigate to: C:\Program Files\McAfee\Host Intrusion Prevention\
  3. Double-click McAfeeFire.exe.
  4. Click Task, Unlock User Interface.
  5. Type the unlock code, and select Administrator Password.
    NOTE: By default, the unlock code is abcde12345
  6. After the user interface is unlocked, click the IPS Policy tab. 
  7. Deselect Enable Host IPS and Enable Network IPS. (The Firewall Policy can be disabled on its own tab.)
  8. Select Task, Exit.
    Credit: Knowledge Management IT for you: How to disable the Host Intrusion Prevention(IDS) Mcafee disable self-protect mode
    Under Creative Commons License: Attribution

after following those steps, i was able to remove the hips agent!


removing the mcafee agent

while attempting to remove the mcafee agent, it kept telling me that "other products are still using it." uh no. I removed all other products! here's how you force it:

  1. open up a cmd prompt.
  2. navigate to the directory where frminst.exe is located. generally this is in the "common framework" directory of mcafee.
  3. run the following:

frminst.exe /forceuninstall

now, smile happily as you have slain the hideous beast!