WPAD Disable

WPAD is an old method Windows uses to automatically configure a proxy server in a corporate environment. Recently it has been exploited to spy on traffic in-flight, it can bypass encryption. I recommend disabling it on your personal computer. If you are concerned about a work computer you might just forward this article to your admin.

How to check if i’m at risk or if my changes have secured me. Download the NirSoft DNSQuerySniffer Run it as Administrator. About every 15 minutes you will see an entry that starts with wpad.yourdomain.name this is the risky behavior. After our registry entry and a reboot you should no longer see these entries. 🙂

To disable: open notepad and paste the following in:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
“WpadOverride”=dword:00000001

Save the file as WpadSecure.reg

Windows may warn you that changing the file type is not advised, just ignore.

Finally double click the file to import into the registry. Windows will need admin rights and Windows will warn you that modifying the registry should be done with caution. Answer Yes to import. This will not be active until after a reboot.

Some Antivirus software installs a local, Static proxy server. This should still work correctly as the problem we are fixing is with Automatic selection of a proxy server.