The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Insecure TLS versions enabled

This query is designed to find Windows systems (Win7, Win Server 2012 R2 and above) that have overridden the disabling of insecure TLS versions. The output looks like:

Pasted_Image_4_20_21__11_46_AM.png

select

  case
    when data = '0' then 'TRUE'
    else 'FALSE'
  end 'insecure_protocol_enabled',
  split(key,'\\',7) as 'protocol',
  split(key,'\\',8) as 'type'
from registry
where key like 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\%\%'
  and name = 'DisabledByDefault'
  and split(split(key,'\\',7),' ',1) < '1.2';
1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved