- Carbon Black Cloud: LiveQuery search
How do I interpret the results of the Audit & Remediation query for TLS settings?
For the following Audit & Remediation query:

```sql
-- Reads the TLS 1.2 client DisabledByDefault registry value and labels the result
SELECT
  reg.data AS Value,
  CASE
    WHEN reg.data = 1 THEN 'TLS 1.2 Protocol disabled'
    WHEN reg.data = 0 THEN 'TLS 1.2 not disabled by default'
    ELSE 'Registry key not found'
  END DisabledByDefault
FROM registry reg
WHERE PATH LIKE 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault';
```

the results mean:
| Result | Meaning |
|---|---|
| 0 | TLS 1.2 is not disabled on this Device |
| 1 | TLS 1.2 is disabled on the Device |
| "Registry key not found" | This OS does not have this registry key by default |
A number of operating systems do not have the registry value for disabling TLS 1.2 that the query reads; these operating systems are shown in the article linked to the FAQ in Related Links. They should show the value "Registry key not found".
It is much clearer to use the following search terms on Inventory → VM Workloads:

```
tlsVersion:TLSv1 OR tlsVersion:TLSv1.1
```
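
To confirm one endpoint's result locally, the PowerShell below reads the same `DisabledByDefault` value and reports the same three outcomes as the query. It is an added example, not part of the original article or of Carbon Black's tooling. The function name `Get-TlsClientDefault`, the extension to the TLS 1.0 and TLS 1.1 client keys, and the "Unexpected value" case are assumptions of this example.

```powershell
# Added example: local check that mirrors the Audit & Remediation query.
# Only the TLS 1.2 path appears in the article; TLS 1.0 and TLS 1.1 are
# included here because they use the same SCHANNEL key layout.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-TlsClientDefault {
    param(
        [Parameter(Mandatory)]
        [string]$Protocol   # e.g. 'TLS 1.2'
    )

    $key = Join-Path $SchannelProtocols "$Protocol\Client"

    # A missing key or a missing value yields no output instead of an error.
    $item = Get-ItemProperty -Path $key -Name 'DisabledByDefault' -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        $value  = $null
        $status = 'Registry key not found'
    }
    else {
        $value = $item.DisabledByDefault
        if ($value -eq 1) {
            $status = "$Protocol Protocol disabled"
        }
        elseif ($value -eq 0) {
            $status = "$Protocol not disabled by default"
        }
        else {
            # Not covered by the article's table: flag it for manual review.
            $status = "Unexpected value: $value"
        }
    }

    [pscustomobject]@{
        Protocol          = $Protocol
        Value             = $value
        DisabledByDefault = $status
    }
}

# Report the client-side setting for each protocol version on this host.
'TLS 1.0', 'TLS 1.1', 'TLS 1.2' |
    ForEach-Object { Get-TlsClientDefault -Protocol $_ } |
    Format-Table -AutoSize
```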