hi Qihoo360 is spotting a direct installation or modification of a root certificate binary blob and warns me about consequences that I will be not able to tell from a legitimate program or a modified one if I allowed the installation of a new root CA by malicious actors. The target of the modification is simplewall, but also blackfog. To mitigate against certificate installs I imported the following into registry, is it correct value? mitigation reference here: https://attack.mitre.org/techniques/T1130/ Windows Registry Editor Version 5.00 [HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot] "DisableRootAutoUpdate"=dword:00000001 [HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots "Flags"=dword:00000001 [HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer] "AuthentiCodeFlags"=dword:00000002 this happens when I connect online
