Vulnerabilities in security configuration on your Windows machines should be remediated - Turn off multicast name resolution

Question

Vulnerabilities in security configuration on your Windows machines should be remediated - Turn off multicast name resolution

Ben Jackson 36

Could someone advise if I have missed something please, I'm trying to address the Defender for Cloud security check finding "Turn off multicast name resolution" and have as far as I know dealt with this correctly, yet the finding remains.

I have set the registry per AZ-WIN-00145 Key Path: SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast to 0 and disabled NetBIOS over TCP-IP on the NIC

What am I missing?

Appreciate any suggestions

JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2022-10-03T22:30:31.48+00:00
@Ben Jackson
Thank you for your post!

Since I'm not able to see the recommendation within my Defender for Cloud environment, can you share a screenshot of what you're seeing?

After you changed your registry settings, how long after did you wait for the recommendation to disappear? When it comes to operating system security configuration latency times, this could take up to 48hrs for data to be updated.

Windows Security Baseline - Administrative Templates - Network:

Additional Links:
How often does Defender for Cloud scan for operating system vulnerabilities, system updates, and endpoint protection issues?
Security recommendations - a reference guide
Create and view exceptions for security recommendations

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Ben Jackson 36 Reputation points

2022-10-04T14:05:18.217+00:00

Here is the registry setting, EnableMulticast = 0 which should mean multicast is disabled I would expect? Yet Defender findings to Turn off multicast name resolution remain.

Is it that it wants the group policy setting enabled also despite correct registry setting perhaps?

This has been the case for weeks since changes were applied.

Cheers.

2 answers

Your answer

JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2022-10-03T22:30:31.48+00:00

@Ben Jackson
Thank you for your post!

Since I'm not able to see the recommendation within my Defender for Cloud environment, can you share a screenshot of what you're seeing?

After you changed your registry settings, how long after did you wait for the recommendation to disappear? When it comes to operating system security configuration latency times, this could take up to 48hrs for data to be updated.

Windows Security Baseline - Administrative Templates - Network:

Additional Links:
How often does Defender for Cloud scan for operating system vulnerabilities, system updates, and endpoint protection issues?
Security recommendations - a reference guide
Create and view exceptions for security recommendations

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Ben Jackson 36 Reputation points

2022-10-04T14:05:18.217+00:00

Here is the registry setting, EnableMulticast = 0 which should mean multicast is disabled I would expect? Yet Defender findings to Turn off multicast name resolution remain.

Is it that it wants the group policy setting enabled also despite correct registry setting perhaps?

This has been the case for weeks since changes were applied.

Cheers.

Answer 1

JamesTran-MSFT 37,246 Microsoft Employee Moderator

@Ben Jackson
Thank you for following up on this!

From your Microsoft Defender for Cloud Recommendation, I found a related support case and based off the Windows Security Baseline Administrative Templates - Network documentation, it looks like you'll have to Enable the Turn off multicast name resolution feature.

If you're still having issues with the recommendation after Enabling the Turn off multicast name resolution feature, can you share what the remediation steps are? Along with a screenshot of what you're seeing within the Portal?

I hope this helps!

If you'd like our support team to take a closer look into your environment and issue through a free technical support request, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Ben Jackson 36 Reputation points

2022-10-06T16:45:16.817+00:00

Thanks, will go with Group Policy in due course and test - will report back on outcome.
JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2022-10-06T18:30:14.767+00:00

@Ben Jackson
Thank you for following up on this and I look forward to your update!
JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2022-10-10T21:36:09.17+00:00

@Ben Jackson
I just wanted to check in and see if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

Answer 2

Limitless Technology 40,101

Hi,

In order to turn off multicast name resolution, you need to set the DWORD at the registry key listed above to 1.

I hope this answers your question.

-----------------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--

Ben Jackson 36 Reputation points

2022-10-04T19:25:09.487+00:00

I would expect that will enable multicast?

Share via

Vulnerabilities in security configuration on your Windows machines should be remediated - Turn off multicast name resolution

2 answers

Your answer