Here are some screen captures of the Meterpreter threads running inside the Symantec SEP 11 HIPS process and inside the McAfee TOPS HIPS process. I guess DLL injection into the HIPS process isn't a malicious enough behavior.
Both HIPS seems to do a good job of blocking network based exploits, but its still game over if a client runs malicious code or the attacker knows a valid login and password for the box. MAYBE all is not lost. The verdict is still out on whether or not the HIPS config can be adjusted to block this type of backdoor.