I am running an SSL Labs scan on one of my domains and a Nessus scan on the IP Address. It keeps coming back with the RC4 ciphers present but I cannot see where they are on the system. It's a 2008R2 server with IIS. We had applied the windows update that disabled RC4, checked in the Registry that RC4 is disabled, removed RC4 by specifiying the preferred cipher list in GPEdit.msc, ensured that DotNet is above version 3.51 but the prescence of RC4 ciphers persists in our detection. The only device in the way is a Palo Alto firewall and we are not offloading SSL on the firewall.
Any ideas? We have a number of servers that all list RC4 (listed as Bar Mitzvah on Nessus) and I cannot see where RC4 is on these systems having done what I have found as the recommended actions?