search cancel

How to disable the driver on a Solaris system that you can't remove the IPS policy on.


Article ID: 163249


Updated On:


Critical System Protection Data Center Security Server Critical System Protection Client Edition Data Center Security Server Advanced Cloud Workload Protection


It is possible to have a policy in place and not be able to su to sisips or be able to make changes to the agent install directory and you have a policy in place that you do not want and as such can't remove it.


These are some of the condition that can lead to have to reboot an agent to block the loading of the IPS driver on Solaris.

  1. Mistuning a policy by blocking the sisips user from accessing the agent install directories.
  2. Not allowing root as a trusted user so you can't su to sisips
  3. Misconfiguring the manager list 


  1.   Boot -as
  2.   Point to /etc/system-pre-sisips (it may be necessary to "exclude: drv/sisips" to the end of the /etc/system-pre-sisips file depending on how you have configured your system)
  3.   Continue and boot the server
  4.   Login as root
  5.   su - sisips
  6. -r