Vulnerability check reports disabled SSL/TLS version as enabled
You have disabled a specific version of TLS/SSL using following registry as mentioned in https://support.microsoft.com/en-in/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<SSL/TLS version to disable>\Server
When you run vulnerability scan in your environment, you still get disabled SSL/TLS version listed as enabled in the vulnerability report over a specific port (e.g. 4883)
Capture following data:
1) Netstat /anob > netstat.txt
2) Tasklist /svc > tasklist.txt
Look into netstat.txt file to identify which process is using port 4883.
[svchost.exe] TCP 10.9.2.109:4883 0.0.0.0:0 LISTENING 2898
In this case, svchost.exe process is using port 4883 and it’s process ID is 2988. Svchost is a sort of bucket or sandbox that can host multiple programs. Looking at the process ID i.e., 2898 you can figure out which process in svchost.exe is causing the problem.
Image Name PID Services ============ ============= java.exe 2898
Since, the specific version of SSL/TLS from Registry path: HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<SSL/TLS>, it disables that specific version of SSL/TLS on SChannel used by OS. If java.exe is using its own schannel, SSL/TLS version to be disabled needs to be done from java.exe.
Work with process owner to disable SSL/TLS version which is being reported in the vulnerability reports. In this case java.exe is causing the issue. Hence, java team needs to address this.