You may find vulnerability scan report pointing to the fact that Symantec Directory component running on (or utilizing) port 9443 (which is dedicated to DXagent process) is using RC4 Cipher Suites and looking for a way to disable this Cipher Suites.
Release : 14.1
Component : CA Directory
Currently we do not have a way to disable RC4 ciphers for DXagent/port 9443. Our engineering team is working internally to make this possible but in the mean time if you are not using Directory Manager component, here are your options:
For Linux, there are two workarounds to disable DXagent service.
A) Rename the DXagent binary at location: $DXHOME/dxserver/bin
File name: dxagent
Outcome:
1. Once the file is renamed the dxagent services will not be running.
2. DXagent service will remain disabled after reboot as well.
B) Comment out the code in dxserver auto-start file at location: /etc/rc.d/init.d
File name: dxserver
Prerequisite:
Stop DXagent services manually by executing ./stop_dxagent.sh from location $DXHOME/dxserver/dxagent
Steps to disable services to start automatically upon an OS reboot:
Need the below code to be commented out from /etc/rc.d/init.d/dxserver file.
# start dxagent if it exists
if [ -x $DXHOME/bin/dxagent ]; then
echo "Starting DXagent" | tee -a $DXLOG
$SU - $DXUSER -c "cd ${DXHOME}/bin; ./dxagent start" >> $DXLOG 2>&1
fi
Outcome:
1. We have verified that once stopped manually prerequisite services will not run.
2. We have verified that once rebooted service will not start automatically. If required, it can be started manually with ./start_dxagent.sh from location $DXHOME/dxserver/dxagent.
Conclusion:
1) These are simple workaround and can be managed without deleting the services completely.
2) Later if DXagent service may require it can be resumed easily without upgrade/reinstall.