I did a test last night:
1. Created two new static groups, group#1 for endpoints, group#2 for servers.
2. In ERA v6 created two new separate policies from scratch with only HIPS setting disabled (enforced), one for v6 endpoints (EEA), one for v6 servers (EFSW).
3. Assigned a policy to a corresponding group (the endpoints policy to group#1, the servers policy to group#2).
4. Picked two EEA v6 endpoints running Win7 64bit and moved in the group#1, picked two EFSW v6 servers running Win2008R2 and moved in the group#2.
5. Checked the settings on all four clients: HIPS status in Setup menu - Enabled, HIPS status in the Advanced Setup menu - Disabled and grayed out.
6. Rebooted all four clients and checked HIPS status again: HIPS status in Setup menu - Disabled
7. Checked the status again this morning (8-9 hours after): HIPS status in Setup menu is now ENABLED on all four test clients!!! (HIPS status in the Advanced Setup menu still disabled and grayed out).
Of course, if I reboot a client again, the HIPS will disable, but after some time if will automatically turn back on again! So, there is certainly something fishy going on... any suggestions?