RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    After last update on June 25, 2017 I get same Equifax certificate:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    Number of roots in trust store: 36
    Number of roots in trust list: 362
    
    Number of 'interesting' items: 1
    
    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Authority
                           Time of insertion: 2017-05-25 05:31:48 UTC
    
    
    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.
    
    
    Hit any key to quit.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It is listed as revoked in my root CA certificate store for Trusted Certificates on Win 10 1607.

    For anyone concerned about it, just manually delete it using certmgr.msc.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Thanks it worked out:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    [  OK  ]    No unusual root certificates found.
    
    
    Hit any key to quit.
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I also have the Equifax certificate (different date). But I checked, it is revoked, so I guess it's OK.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Forgot to mention, do not be surprised if it shows up again. Windows has a nasty habit of re-adding Trusted Root CA Store certificates.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Duly noted :thumb:
     
  7. guest

    guest Guest

    I can see the Equifax-certificate too (not revoked) and i have moved it now to the Untrusted Certificates category (certmgr.msc).
    Now its gone (from the list of interesting items) :thumb:
     
  8. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I got this cert' on Windows 7, I deleted it and it indeed did reappear...As per mood I have placed it in Untrusted Certificates.
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Good to know thank you.
     
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    On July 1st, it looks like you installed some Adobe software, as well as Office 365. I'm not aware of either auto-installing root certificates, so this is a little mysterious. It may be worth checking exactly at what time the installations were performed (look at the corresponding folder timestamps in your Program Files directory) and see if any of the timestamps match the insertion time shown by RCC.
     
  11. guest

    guest Guest

  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    In regards to the revoked Equifax cert., deleted it from Windows root CA certificate store or moving it the untrusted certificate store has zip effect. Windows just keeps downloading it to the root CA certificate store:argh:
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    Yeah yeah I noticed that today lol. Thanks. Going to move it for permanent results.
     
  14. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    If you run this win10-security-plus-setup.exe program & only tick the part about certificates then the said ( Equifax cert ) gets revoke and others & stay revoked.:thumb:
     
  15. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
  16. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    I'm unable to download this version. I only get an empty 0 bytes executable. (It has the SHA-1 hash of an empty string: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709)
    Tried with different browsers and connections. (Not related to the blacklisting mentioned above.)
     
  17. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Should be OK now - thanks for the heads up.

    About the blacklisting: is it Emsisoft again? I will look into it as time permits, but OVH's suggestions were not that helpful last time...
     
  18. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
  19. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Just ran a check, actually to look at my K-M certs, but this turned up in the M$ store:
    Number of 'interesting' items: 2

    DF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F: TWCA Root Certification Authorit
    Time of insertion: 2017-04-12 10:53:18 UTC

    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Autho
    Time of insertion: 2017-04-12 10:53:18 UTC


    The Equifax is no longer interesting, I distrusted it :), but the TWCA is #2 of two, literally one is called "1" and its twin is "2". :confused: Both of them have alerts on the Key Usage and Basic Constraints. I doubt even M$ can (would) insert a cert twice... Would they?
     
  20. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    181
    A new version 1.69.028 available but in file details it still shows as 1.69.024 ?
    It;s confusing as not sure if this an update or not ?

    Ska
     
  21. guest

    guest Guest

    It is 1.69.028. The file details were not renewed :)
    RCC_fileversion.png
     
  22. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    181
    Thanks , mood !

    Ska
     
  23. guest

    guest Guest

  24. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Interesting to find that Windows Defender doesn't like the latest version...

    RCC_1.69.031_ WindowsDefender_threat detected.JPG
     
  25. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Strange, Windows Defender doesn't complain here. Can you check the hash?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.