The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Insecure TLS versions enabled

This query is designed to find Windows systems (Win7, Win Server 2012 R2 and above) that have overridden the disabling of insecure TLS versions. The output looks like:


  case when data = '0'
       then 'TRUE'
       else 'FALSE'
  end 'insecure_protocol_enabled',
  split(key,'\\',7) as 'protocol',
  split(key,'\\',8) as 'type'
from registry
where key like 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\%\%'
  and name = 'DisabledByDefault';


1 Comment
Carbon Black Employee
Status changed to: Approved