Insecure TLS versions enabled

This query is designed to find Windows systems (Win7, Win Server 2012 R2 and above) that have overridden the disabling of insecure TLS versions. The output looks like:

[Screenshot of the query output]

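-- One row per SCHANNEL protocol subkey that carries a DisabledByDefault value.
select
  -- DisabledByDefault = 0 means the protocol is not disabled by default
  case when data = '0'
       then 'TRUE'
       else 'FALSE'
  end 'insecure_protocol_enabled',
  split(key,'\\',7) as 'protocol',  -- path component directly under Protocols
  split(key,'\\',8) as 'type'       -- subkey below the protocol
from registry
where key like 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\%\%'
  and name = 'DisabledByDefault';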
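The query above reports every protocol subkey, including current TLS versions, and reads only DisabledByDefault. The variant below is an added example, not part of the original post: it assumes "insecure" means SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1, also reads the SCHANNEL Enabled value, and returns only the protocol and Client/Server combinations where a legacy protocol has been switched on.

```sql
-- Added example (not the original author's query).
-- Assumption: the legacy protocol list below is what "insecure" covers.
SELECT protocol, role, disabled_by_default, enabled
FROM (
  SELECT
    split(key, '\\', 7) AS protocol,
    split(key, '\\', 8) AS role,   -- Client or Server
    -- Pivot the two registry values of each key onto one row
    MAX(CASE WHEN name = 'DisabledByDefault' THEN data END) AS disabled_by_default,
    MAX(CASE WHEN name = 'Enabled'           THEN data END) AS enabled
  FROM registry
  WHERE key LIKE 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\%\%'
    AND name IN ('DisabledByDefault', 'Enabled')
  GROUP BY key
)
WHERE protocol IN ('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')
  -- DisabledByDefault = 0, or any non-zero Enabled value, turns the protocol on.
  -- A missing value is NULL here and does not match either test.
  AND (disabled_by_default = '0' OR enabled != '0');
```

An empty result means no explicit override was found; protocols with no registry values at all follow the operating system default and do not appear in the output.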

 

1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved