
How to disable the rsaMalwareDevice service at boot time on RSA NetWitness Platform Server appliance

Issue

How to disable the rsaMalwareDevice service at boot time on an RSA NetWitness Server appliance.


Resolution

The rsaMalwareDevice service respawns automatically, as specified in /etc/init/rsaMalwareDevice.conf.

The following messages may be seen in the NetWitness Server appliance logs:

May 16 13:54:10 servername init: rsaMalwareDevice main process (16584) terminated with status 254
May 16 13:54:10 servername init: rsaMalwareDevice main process ended, respawning

This indicates that the rsaMalwareDevice service is respawning after it was terminated.

If you do not use a malware analysis device, you can disable the rsaMalwareDevice service so that these messages no longer appear in the NetWitness Server logs.

To disable rsaMalwareDevice, connect to the RSA NetWitness Server via SSH as the root user and issue the following command:
# stop rsaMalwareDevice

Next, issue the following command to ensure that the service will not run even after a server reboot:
# mv /etc/init/rsaMalwareDevice.conf /etc/init/rsaMalwareDevice.conf.old
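
To confirm the change took effect, the respawn messages shown above can be counted and the job file checked. The script below is an added example, not RSA-supplied code; the function names are hypothetical, and the log lines and temporary directory are constructed stand-ins for the server's syslog file and /etc/init.

```shell
#!/bin/bash
# Added example (not vendor code): check whether an init job is still
# respawning and whether its job file is still active.

# Print "<count> <timestamp of last respawn>" for JOB ($1) in LOGFILE ($2).
respawn_summary() {
    awk -v job="$1" '
        $5 == "init:" && $6 == job && /main process ended, respawning$/ {
            n++; last = $1 " " $2 " " $3
        }
        END { print n + 0, (n ? last : "-") }
    ' "$2"
}

# Print the distinct exit statuses init logged for JOB, space separated.
exit_statuses() {
    awk -v job="$1" '
        $5 == "init:" && $6 == job && /terminated with status [0-9]+$/ {
            if (!seen[$NF]++) out = out (out ? " " : "") $NF
        }
        END { print out }
    ' "$2"
}

# Succeed only if INIT_DIR ($2) no longer holds an active JOB.conf.
job_disabled() {
    [ ! -e "$2/$1.conf" ]
}

# Constructed sample data: log lines in the format shown above, and a
# temporary directory standing in for /etc/init after the rename.
demo=$(mktemp -d)
cat > "$demo/messages" <<'EOF'
May 16 13:54:10 servername init: rsaMalwareDevice main process (16584) terminated with status 254
May 16 13:54:10 servername init: rsaMalwareDevice main process ended, respawning
May 16 13:54:15 servername init: rsaMalwareDevice main process (16601) terminated with status 254
May 16 13:54:15 servername init: rsaMalwareDevice main process ended, respawning
May 16 13:55:02 servername init: otherJob main process ended, respawning
EOF
touch "$demo/rsaMalwareDevice.conf.old"

respawn_summary rsaMalwareDevice "$demo/messages"
exit_statuses rsaMalwareDevice "$demo/messages"
job_disabled rsaMalwareDevice "$demo" && echo "job file inactive"
```

On the appliance, pass the actual syslog file (assumed here to be /var/log/messages, the CentOS 6 default) and /etc/init; a last-respawn timestamp earlier than the time the stop command was run means the service is no longer restarting.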


Internal Comments

UserName:shurtj
8/7/2014 8:10:00 PM - Updated Article
Updated article and made changes to abide by Primus best practices.

Jemma Lee -- 30 Aug 2019
Adjusted the title to adhere to best practice and updated "Applies To".

Product Details

RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NW Server, Malware
RSA Version/Condition: 10.6.x
Platform: CentOS 6
