direct installation or modification of a root certificate binary blob

Discussion in 'privacy problems' started by lucd, Mar 17, 2020.

  1. lucd

    Hi, Qihoo360 is spotting a direct installation or modification of a root certificate binary blob and warns me about the consequences: I will not be able to tell a legitimate program from a modified one if I allow the installation of a new root CA by malicious actors. The target of the modification is simplewall, but also blackfog. To mitigate against certificate installs I imported the following into the registry; is it the correct value?
    Mitigation reference here: https://attack.mitre.org/techniques/T1130/



    Windows Registry Editor Version 5.00

    ; .reg files need the full hive name (HKEY_LOCAL_MACHINE); regedit rejects the HKLM abbreviation on import
    ; Stop the automatic root certificate update mechanism
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot]
    "DisableRootAutoUpdate"=dword:00000001

    ; Protected roots policy from the MITRE T1130 mitigation (closing bracket was missing)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots]
    "Flags"=dword:00000001

    ; Trusted publisher / Authenticode policy from the same reference (value names are case-insensitive)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer]
    "AuthenticodeFlags"=dword:00000002


    This happens when I connect online.
    Last edited: Mar 17, 2020
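The following PowerShell is an added example, not part of lucd's post or of the MITRE page. It does two things a practitioner would want after importing the .reg file above: it reads the three policy values back to confirm they landed with the expected data, and it keeps a thumbprint baseline of the machine and per-user Root stores so that any root certificate added later (the kind of event the antivirus alerted on) shows up as a diff instead of only as a pop-up. The baseline file location and the function names are my own choices; the script assumes it is run from an elevated prompt on a machine you currently believe to be clean.

```powershell
# Added example (not from the original post). Verifies the imported policy
# values and tracks additions to the trusted root stores against a baseline.
# Assumption: $BaselinePath is an arbitrary location chosen for this example.

$BaselinePath = "$env:ProgramData\root-baseline.json"

function Test-RootCaPolicy {
    # Expected values are the ones imported in the post. Registry value names
    # are case-insensitive, so "AuthentiCodeFlags" in the .reg file matches.
    $expected = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot';               Name = 'DisableRootAutoUpdate'; Value = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots';    Name = 'Flags';                 Value = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer'; Name = 'AuthenticodeFlags';     Value = 2 }
    )
    foreach ($e in $expected) {
        $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            Write-Warning "MISSING  $($e.Path)\$($e.Name)"
        } elseif ($item.($e.Name) -ne $e.Value) {
            Write-Warning "WRONG    $($e.Path)\$($e.Name) = $($item.($e.Name)) (expected $($e.Value))"
        } else {
            Write-Host    "OK       $($e.Path)\$($e.Name) = $($e.Value)"
        }
    }
}

function Get-RootStoreSnapshot {
    # One record per trusted root, for both the machine store and the
    # per-user store (a malicious root can be dropped into either).
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                NotBefore  = $_.NotBefore
            }
        }
    }
}

function Save-RootBaseline {
    # Record the current roots; run this once on a machine you trust.
    Get-RootStoreSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Host "Baseline written to $BaselinePath"
}

function Compare-RootBaseline {
    # Report every root present now that was not in the baseline.
    if (-not (Test-Path $BaselinePath)) {
        throw "No baseline at $BaselinePath; run Save-RootBaseline on a known-clean machine first."
    }
    $old     = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $new     = Get-RootStoreSnapshot
    # Key on store + thumbprint so the same CA in both stores is reported per store.
    $oldKeys = @($old | ForEach-Object { "$($_.Store)|$($_.Thumbprint)" })
    $added   = @($new | Where-Object { "$($_.Store)|$($_.Thumbprint)" -notin $oldKeys })
    if ($added.Count -gt 0) {
        Write-Warning "New root certificates since baseline:"
        Write-Warning ($added | Format-Table Store, Thumbprint, Subject, NotBefore -AutoSize | Out-String)
    } else {
        Write-Host "No new root certificates since baseline."
    }
    return $added
}

Test-RootCaPolicy
if (Test-Path $BaselinePath) { Compare-RootBaseline | Out-Null } else { Save-RootBaseline }
```

The policy check only confirms the registry data is present; it does not tell you whether the host was already compromised before the import. That is what the baseline diff is for: take the snapshot once after you have reviewed the Root stores, then rerun the script after the antivirus alerts to see exactly which thumbprint and subject appeared, and in which store.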