Page tree

Contents

When event logging of a domain or category is blocked in a security report, it is typically a misconfiguration issue in your network environment in which valid DNS queries and traffic are overwhelming the reporting and logging system, resulting in overloading the reporting functionality of the system. 

In particular, this condition exists for queries where WPAD is included in the DNS query, such as WPAD.domainname.com. WPAD or Web Proxy Automatic Detection for Windows is a probe. Leaving WPAD open is a security vulnerability.

When this happens, you should disable your group policy. You can disable the group policy by navigating to the following location on your Windows-based server and disabling automatic detection of configuration settings (User Configuration -> Policies -> Windows Settings -> Connection/Automatic Browser Configuration -> Automatically detect configuration settings -> DISABLE).

For more information on the security risk posed by WPAD, see the following article: Disable WPAD now or have your accounts and private data compromised and Microsoft's online documentation on Automatic Proxy Detection.

  • No labels

This page has no comments.