diff --git a/scripts/base/protocols/rfb/main.bro b/scripts/base/protocols/rfb/main.bro
index 97f194b789..60dcd17b03 100644
--- a/scripts/base/protocols/rfb/main.bro
+++ b/scripts/base/protocols/rfb/main.bro
@@ -106,7 +106,6 @@ event rfb_server_version(c: connection, major_version: string, minor_version: st
 	set_session(c);
 	c$rfb_state$server_major_version = major_version;
 	c$rfb_state$server_minor_version = minor_version;
-	add c$service["rfb"];
 	}
 
 event rfb_authentication_type(c: connection, authtype: count)
diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac
index 4233a423f7..d357ddee28 100644
--- a/src/analyzer/protocol/rfb/rfb-analyzer.pac
+++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac
@@ -1,5 +1,3 @@
-# Generated by binpac_quickstart
-
 refine flow RFB_Flow += {
 	function proc_rfb_message(msg: RFB_PDU): bool
 		%{
@@ -7,16 +5,13 @@ refine flow RFB_Flow += {
 		return true;
 		%}
 
-	function proc_rfb_client_version(major: bytestring, minor: bytestring) : bool
-		%{
-		BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
-		return true;
-		%}
-
 	function proc_rfb_version(client: bool, major: bytestring, minor: bytestring) : bool
 		%{
 		if (client) {
 			BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
+
+			connection()->bro_analyzer()->ProtocolConfirmation();
+
 		} else {
 			BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
 		}