RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. Mr.X

    Mr.X Registered Member

    After last update on June 25, 2017 I get same Equifax certificate:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    Number of roots in trust store: 36
    Number of roots in trust list: 362
    
    Number of 'interesting' items: 1
    
    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Authority
                           Time of insertion: 2017-05-25 05:31:48 UTC
    
    
    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.
    
    
    Hit any key to quit.
     
  2. itman

    itman Registered Member

    It is listed as revoked in my root CA certificate store for Trusted Certificates on Win 10 1607.

    For anyone concerned about it, just manually delete it using certmgr.msc.
     
  3. Mr.X

    Mr.X Registered Member

    Thanks it worked out:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    [  OK  ]    No unusual root certificates found.
    
    
    Hit any key to quit.
     
  4. paulderdash

    paulderdash Registered Member

    I also have the Equifax certificate (different date). But I checked, it is revoked, so I guess it's OK.
     
  5. itman

    itman Registered Member

    Forgot to mention, do not be surprised if it shows up again. Windows has a nasty habit of re-adding Trusted Root CA Store certificates.
     
  6. Mr.X

    Mr.X Registered Member

    Duly noted :thumb:
     
  7. guest

    guest Guest

    I can see the Equifax certificate too (not revoked) and I have moved it now to the Untrusted Certificates category (certmgr.msc).
    Now it's gone (from the list of interesting items) :thumb:
     
  8. clubhouse1

    clubhouse1 Registered Member

    I got this cert on Windows 7, I deleted it and it indeed did reappear... As per mood I have placed it in Untrusted Certificates.
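
A way to confirm where a root currently sits after deleting it or moving it in certmgr.msc, shown as an added example that is not part of any post in this thread or of RCC. It uses the Equifax thumbprint from the RCC output above and the standard `Cert:` provider; the variable names are assumptions.

```powershell
# Added example: report which certificate stores hold a given root.
# Thumbprint is the Equifax root reported by RCC earlier in this thread.
$Thumbprint = 'D23209AD23D314232174E40D7F9D62139786633A'

# certmgr.msc folder name -> underlying store name
$stores = [ordered]@{
    'Trusted Root Certification Authorities'     = 'Root'
    'Third-Party Root Certification Authorities' = 'AuthRoot'
    'Untrusted Certificates'                     = 'Disallowed'
}

# Note: the CurrentUser view can also list machine-wide entries.
$report = foreach ($location in 'LocalMachine', 'CurrentUser') {
    foreach ($entry in $stores.GetEnumerator()) {
        $path = "Cert:\$location\$($entry.Value)"
        $cert = Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $Thumbprint } |
            Select-Object -First 1
        [pscustomobject]@{
            Location  = $location
            StoreName = $entry.Value
            Folder    = $entry.Key
            Present   = [bool]$cert
            NotAfter  = if ($cert) { $cert.NotAfter.ToString('yyyy-MM-dd') } else { '' }
        }
    }
}
$report | Format-Table -AutoSize

$disallowed = $report | Where-Object { $_.Present -and $_.StoreName -eq 'Disallowed' }
$trusted    = $report | Where-Object { $_.Present -and $_.StoreName -ne 'Disallowed' }

# A copy in Disallowed marks the certificate as explicitly distrusted,
# even when it is also listed under Root or AuthRoot.
if ($disallowed) {
    "Explicitly distrusted (found in: $($disallowed.Location -join ', ')\Disallowed)."
} elseif ($trusted) {
    "Present as a trusted root and NOT in Untrusted Certificates."
} else {
    "Not present in any checked store."
}
```

Running it again after a Windows update or reboot shows whether the root has been re-added and whether the Untrusted Certificates entry is still in place.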
     
  9. Mr.X

    Mr.X Registered Member

    Good to know thank you.
     
  10. svenfaw

    svenfaw Registered Member

    On July 1st, it looks like you installed some Adobe software, as well as Office 365. I'm not aware of either auto-installing root certificates, so this is a little mysterious. It may be worth checking exactly at what time the installations were performed (look at the corresponding folder timestamps in your Program Files directory) and see if any of the timestamps match the insertion time shown by RCC.
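
The timestamp comparison suggested above, as an added example that is not from the post's author or from RCC. The insertion time is the sample value from the RCC output at the top of this thread and should be replaced with the one RCC reports locally; the parameter names and the 30-minute window are assumptions.

```powershell
# Added example: list Program Files folders whose timestamps fall close to
# the root certificate insertion time reported by RCC.
param(
    # Sample value taken from the RCC output earlier in this thread (UTC).
    [string]$InsertionTimeUtc = '2017-05-25 05:31:48',
    # Assumed tolerance around the insertion time.
    [int]$WindowMinutes = 30
)

$styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
$insertion = [datetime]::ParseExact(
    $InsertionTimeUtc, 'yyyy-MM-dd HH:mm:ss',
    [cultureinfo]::InvariantCulture, $styles)

# Both Program Files trees, skipping the x86 one on 32-bit systems.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

$matches = Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_
        foreach ($kind in 'CreationTimeUtc', 'LastWriteTimeUtc') {
            $delta = ($dir.$kind - $insertion).TotalMinutes
            if ([math]::Abs($delta) -le $WindowMinutes) {
                [pscustomobject]@{
                    Folder       = $dir.FullName
                    Timestamp    = $kind
                    Utc          = $dir.$kind.ToString('yyyy-MM-dd HH:mm:ss')
                    DeltaMinutes = [math]::Round($delta, 1)
                }
            }
        }
    }

if ($matches) {
    # Closest matches first; a negative delta means the folder predates the insertion.
    $matches | Sort-Object { [math]::Abs($_.DeltaMinutes) } | Format-Table -AutoSize
} else {
    "No Program Files folder timestamps within $WindowMinutes minutes of $InsertionTimeUtc UTC."
}
```

A match is only a lead: folder write times also change on updates, so an installer found this way still has to be checked for whether it actually adds roots.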
     
  11. guest

    guest Guest

  12. itman

    itman Registered Member

    In regards to the revoked Equifax cert., deleting it from the Windows root CA certificate store or moving it to the untrusted certificate store has zip effect. Windows just keeps downloading it to the root CA certificate store :argh:
     
  13. Mr.X

    Mr.X Registered Member

    Yeah yeah I noticed that today lol. Thanks. Going to move it for permanent results.
     
  14. Nitty Kutchie

    Nitty Kutchie Registered Member

    If you run this win10-security-plus-setup.exe program & only tick the part about certificates, then the said (Equifax cert) and others get revoked & stay revoked. :thumb:
     
  15. Gapliin

    Gapliin Registered Member

  16. Gapliin

    Gapliin Registered Member

    I'm unable to download this version. I only get an empty 0 bytes executable. (It has the SHA-1 hash of an empty string: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709)
    Tried with different browsers and connections. (Not related to the blacklisting mentioned above.)
     
  17. svenfaw

    svenfaw Registered Member

    Should be OK now - thanks for the heads up.

    About the blacklisting: is it Emsisoft again? I will look into it as time permits, but OVH's suggestions were not that helpful last time...
     
  18. Gapliin

    Gapliin Registered Member

  19. gorblimey

    gorblimey Registered Member

    Just ran a check, actually to look at my K-M certs, but this turned up in the M$ store:
    Number of 'interesting' items: 2

    DF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F: TWCA Root Certification Authorit
    Time of insertion: 2017-04-12 10:53:18 UTC

    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Autho
    Time of insertion: 2017-04-12 10:53:18 UTC


    The Equifax is no longer interesting, I distrusted it :), but the TWCA is #2 of two, literally one is called "1" and its twin is "2". :confused: Both of them have alerts on the Key Usage and Basic Constraints. I doubt even M$ can (would) insert a cert twice... Would they?
     
  20. SKA

    SKA Registered Member

    A new version 1.69.028 is available, but in file details it still shows as 1.69.024?
    It's confusing as not sure if this is an update or not?

    Ska
     
  21. guest

    guest Guest

    It is 1.69.028. The file details were not renewed :)
    RCC_fileversion.png
     
  22. SKA

    SKA Registered Member

    Thanks, mood!

    Ska
     
  23. guest

    guest Guest

  24. Tarnak

    Tarnak Registered Member

    Interesting to find that Windows Defender doesn't like the latest version...

    RCC_1.69.031_ WindowsDefender_threat detected.JPG
     
  25. svenfaw

    svenfaw Registered Member

    Strange, Windows Defender doesn't complain here. Can you check the hash?
     