000026954 - How to disable the rsaMalwareDevice service at boot time on an RSA Security Analytics server appliance

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026954
Applies ToRSA Security Analytics
RSA Security Analytics Malware Analysis
IssueHow to disable the rsaMalwareDevice service at boot time on an RSA Security Analytics server appliance.
Resolution

The rsaMalwareDevice respawns automatically as specified in the in the /etc/init/rsaMalwareDevice.conf.

The following messages may be seen in the Security Analytics server appliance logs, which indicates that the rsaMalwareDevice service is respawning after it was terminated:

May 16 13:54:10 servername init: rsaMalwareDevice main process (16584) terminated with status 254
May 16 13:54:10 servername init: rsaMalwareDevice main process ended, respawning

This indicates that the rsaMalwareDevice service is respawning after it was terminated.

 

If you do not use any malware analysis device, then you can disable the rsaMalwareDevice so that you will not get these messages on the Security Analytics server logs.

To disable rsaMalwareDevice, connect to the RSA Security Analytics server via SSH as the root user and issue the following command:  stop rsaMalwareDevice

Next, issue the following command to ensure that the service will not run even after a server reboot:  mv /etc/init/rsaMalwareDevice.conf  /etc/init/rsaMalwareDevice.conf.old

 

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa65682

Attachments

    Outcomes