How to disable the driver on a Solaris system that you can't remove the IPS policy on.
Article ID: 163249
Critical System ProtectionData Center Security ServerCritical System Protection Client EditionData Center Security Server AdvancedCloud Workload Protection
It is possible to have a policy in place and not be able to su to sisips or be able to make changes to the agent install directory and you have a policy in place that you do not want and as such can't remove it.
These are some of the condition that can lead to have to reboot an agent to block the loading of the IPS driver on Solaris.
Mistuning a policy by blocking the sisips user from accessing the agent install directories.
Not allowing root as a trusted user so you can't su to sisips
Misconfiguring the manager list
Point to /etc/system-pre-sisips (it may be necessary to "exclude: drv/sisips" to the end of the /etc/system-pre-sisips file depending on how you have configured your system)