I am the McAfee administrator.  We use HIPS on all 3000 of our workstations (most of which are laptops, so it was an ease of policy creation decision), managed through ePO.  We NEVER put HIPS on our servers (over 600).  Our thinking is this:

• If someone manages to hack through external controls, McAfee isn't probably going to stop them.
• Inside a secure environment, it causes more problems than it resolves.

Remember, that software is called Host Intrusion Prevention for Desktops, not for Servers. ;-)  Regardless of what McAfee may say (they do want your $$, afterall), I have never seen positive benefits from running HIPS on servers in a secured environment.  I have been a McAfee admin for 10 years.

surely you have the experience to comment on it.

Did you have it on the servers for sometime before you removed it (you said 'it causes more problems than it resolves'. Can you give some examples in which ways it gave you problems,?)

they have it now for servers, too
http://www.mcafee.com/us/enterprise/products/system_security/servers/host_intrusion_prevention_server.html

Also, does HIPS gives any slow performance for laptops? If you used it on server, did you notice any perforamance issues there?

the port closing could have been a real hassle to deal with..

what do you use for network level intrusion prevention?

TippingPoint

Thanks for sharing your experience with HIPS.