RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    Thank you.

    Question:
    From the website a RCC description:
    However I wonder if this program can highlight outdated, not necessarily rogue, certificates in a no Windows updates scenario, that is, a machine whose Windows OS has not been updated, either through WU or manually.
     
  3. guest

    guest Guest

  4. itsmeWario

    itsmeWario Guest

    Thanks for the update!

    Can you replace the SHA1 checksums with SHA2-512 or SHA3?
     
  5. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    By 'outdated', do you mean expired certificates, or an outdated certificate list (CTL)? I'm working on detecting potentially outdated CTLs.
     
  6. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Currently, all major trust list maintainers (Microsoft, Apple, Mozilla, Google) still rely on SHA1 to identify root certificates, so it is probably a little too early to switch.
    Also, the current consensus is that the recently announced SHA1 collision does not impact this use case.
     
  7. itsmeWario

    itsmeWario Guest

    But that doesn't mean the whole world needs to follow that. I am sure, or at least hope, that the big players change that ASAP.
    Also it is no big deal to provide a secure checksum instead of an old, broken MD5 or SHA1.
     
  8. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Actually, while I have problems with the "Mozilla attitude"--and Google--the fact is that between them they are the "whole world". Certainly I feel that SHA1 is a tad dated, not to mention bunged up, but what you're asking is for Sven to give us info in one language, while reading the info in another. Which will make life difficult for us when we want to manipulate our Cert Stores.

    So do we all :) Mozilla can often be spelled "Godz....", and Google is suspected by many people of dastardly deeds. But don't hold your breath. These Three are up there because the whole (western) world buys their products and loves them. *puppy* They have no reason to change their winning ways.
     
  9. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Sven... While I'm here, I notice the lede from RCC:

    For continued use, consider making a donation or purchasing a license.

    Ummmmm, I'd be happy to purchase a licence (one machine) for something in the usual line of US$20/year (about Au$26.50). I can live with a cmd box, but definitely a user guide would be highly appreciated, since RCC's options are not well documented, but also Microsoft's kludgy handling of certificates is... less than intuitive. And apart from functionality-related program upgrades, I do agree with the calls to have RCC download the CTL on ignition.

    This is the sort of software I would use about two or three times a year, just to keep an eye on what my web-facing apps are doing while I'm out of the house, or if I change software.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
  11. guest

    guest Guest

  12. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Why does the file version for the exe file not always get updated? You have to run the program to see what version you have. filever shows 1.0.69.17, but when you run the program, you see RCC 1.69.019
     
    Last edited: Mar 20, 2017
  13. guest

    guest Guest

    If I look at the file-properties, the "Product-version" is correct: 1.0.69.019
    but yes, the file version is always showing an older version.
     
  14. guest

    guest Guest

  15. itsmeWario

    itsmeWario Guest

  16. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    Any idea what that is used for? (A Google certificate installed on my system a month ago.)

    I exported it before deleting it and now RCC doesn't detect it anymore. There is not much information about it in Google (I got only 2 results for it). By the way Zemana AntiMalware is detecting it as well:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28]
     
  17. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    71
    Try checking if you installed any Google software on that day.
     
  18. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    I didn't find any software related to Google in that period of time. In fact I don't even have any Google related software installed so I simply deleted it. Didn't encounter any issues so far but will keep the backup file for a while (just in case).
     
  19. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Is RCC still developed by svenfaw?

    Maybe I never noticed before, but I saw a different name in the copyright.
     
  20. guest

    guest Guest

    I looked in the scan-results from a version of 2016 and I can see the same copyright.
    The copyright hasn't changed in a long time, but yes, it is not svenfaw :doubt:
     
  21. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Aaahh... And the relevance is...? Actually, the copyright is held by Stephen Fenchurch, hence the "FS1" which differentiates him from Sally Firbuckle ("FS") :)

    Seriously, did youse really expect svenfaw to use his "real" name on a public security forum? Or even on his downloads page? I wouldn't worry over a change of copyright nominee, the big (and important!!!!!!) question is about the reliability of the product. Now if I see--for example--CruelSister criticising the product and mentioning the change of copyright nominee, then, yes, it's time to be concerned. But ATM it's none of my business. :cool:
     
  22. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291

    I was no longer interested in staying anonymous and started releasing RCC (and most of the other apps) under my real name a couple months ago.
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Ah, thanks. Curiosity satisfied ;)
     
  24. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Sorry for the late response.
    This is actually quite intriguing. I can't seem to import that registry entry - are you sure you posted the entire certificate data?

    A few more questions:
    1. Do you remember the exact name of the certificate?
    2. Did you save RCC's output to a file?
    3. Did you install *any* software (not necessarily Google-related) that day?
    4. Do you remember any unusual popups?
    5. Last but not least - any malware incidents?
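
Added example, not part of the original thread and not RCC's code: a check of whether an exported root-store registry entry is complete and self-consistent, which is the question raised about the posted export. It assumes the serialized layout of the `Blob` value (records of property id, reserved field and length as little-endian 32-bit integers, followed by the data) and the Windows property ids 3 (stored SHA-1 thumbprint) and 32 (the DER certificate); the function names are hypothetical and the sample blob is constructed from placeholder bytes.

```python
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID = 3   # stored SHA-1 thumbprint of the certificate
CERT_CERT_PROP_ID = 32       # the DER-encoded certificate itself

def parse_reg_hex(value):
    """Decode a .reg 'hex:aa,bb,\\' value (with line continuations) to bytes."""
    body = value.split("hex:", 1)[-1]
    return bytes(int(tok, 16) for tok in
                 body.replace("\\", " ").replace(",", " ").split())

def parse_blob(blob):
    """Split a blob into {property id: data}. Each record is three
    little-endian uint32s (id, reserved, length) followed by the data."""
    props, off = {}, 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, _reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if off + length > len(blob):
            raise ValueError(f"property {prop_id} needs {length} bytes, "
                             f"only {len(blob) - off} present")
        props[prop_id] = blob[off:off + length]
        off += length
    return props

def check_entry(key_name, blob):
    """Return a list of problems; an empty list means the entry is consistent."""
    try:
        props = parse_blob(blob)
    except ValueError as exc:
        return [str(exc)]
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        return ["blob has no certificate property (id 32)"]
    problems = []
    actual = hashlib.sha1(der).hexdigest().upper()
    if actual != key_name.upper():
        problems.append("key name is not the SHA-1 of the certificate")
    stored = props.get(CERT_SHA1_HASH_PROP_ID)
    if stored is not None and stored.hex().upper() != actual:
        problems.append("stored thumbprint property does not match")
    return problems

def record(prop_id, data):
    return struct.pack("<III", prop_id, 1, len(data)) + data

# Constructed sample: placeholder bytes standing in for a DER certificate.
FAKE_DER = bytes.fromhex("3003020101")
THUMB = hashlib.sha1(FAKE_DER).digest()
SAMPLE_BLOB = record(CERT_SHA1_HASH_PROP_ID, THUMB) + record(CERT_CERT_PROP_ID, FAKE_DER)
SAMPLE_KEY = THUMB.hex().upper()
```

To check a real export, pass the registry key's last path component as `key_name` and `parse_reg_hex()` of the `"Blob"` value as `blob`.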
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    518
    Location:
    Bulgaria
    Hi,

    No worry about the delay.

    I was able to re-import it just fine and then re-scanned with RCC and it was detected again:

    http://i.imgur.com/u6JMW75.png

    So I guess that the screenshot will answer your first two questions.

    I am not sure how to answer your third question since the date of the installed programs changed (like in the topic here). It is happening from time to time and I am still unable to trace what causes these changes. But yes I probably installed a program or update that day (I keep my programs and the OS always updated). If you want a list of my installed programs please let me know and I can PM you. :)

    I can guarantee that my system is malware free. I am a malware removal expert and provide malware removal assistance at BleepingComputer forum, Malwarebytes forum and many more. :)

    Here is a screenshot when the certificate is deleted:

    http://i.imgur.com/cf10S9v.png


    Regards,
    Georgi
     