RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. guest

    guest Guest

    It might be interesting if you add the ability to manage them (delete, disable...)
     
  2. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    AFAIK RCC uses the Microsoft database to check certificates.

    How often does Microsoft update this database? Once a month?
     
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    In fact RCC uses its own database, which is based on the following primary sources:
    Microsoft
    Firefox
    Apple
    Android

    I will also add an option for a stricter trust list, including only roots in wide public circulation.

    Microsoft typically updates its CTL 4 to 6 times a year. Firefox, about the same. Apple and Google, a bit less often AFAIK.
     
  4. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Here's an early pre-release of a real-time version.

    This is very much a work in progress and still quite far from what I am planning, but as things have been going so slowly, I decided to go ahead and post this experimental version.

    The main benefit of this real-time version is that it will immediately notify you if new root certificates are added to your trust store. You no longer need to remember to run RCC once in a while.

    No installation: just unzip to any directory and launch "trustmonitor.exe". The application will then be running in the system tray. But as you will notice, the application is not yet 100% GUI-based.

    Download: http://trax.x10.mx/files/trustmonitor.zip
    sha256 hash for trustmonitor.exe: f5312238dea00dd5dbfbea90b760878933348ce736f3cc3ad3517cafb7678e92

    (Standard disclaimer: as with any pre-release software, use at your own risk.)
     
    Last edited: Jul 10, 2016
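
    The notification described in this post (being told when a root certificate is added to the trust store) can be approximated with a baseline-and-compare script. This is an added PowerShell example, not part of the original post and not TrustMonitor's code; the baseline path and the function names are assumptions. It only reports changes between runs and does not rate a root against any trust list.

```powershell
# Added example, not TrustMonitor code. $BaselinePath is an assumed location;
# keep it somewhere standard users cannot write.
$BaselinePath = Join-Path $env:ProgramData 'root-store-baseline.csv'

function Get-RootStoreSnapshot {
    # Machine-wide and per-user trusted root stores, one row per certificate.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                NotBefore  = $_.NotBefore.ToString('yyyy-MM-dd')
                NotAfter   = $_.NotAfter.ToString('yyyy-MM-dd')
            }
        }
    }
}

function Compare-RootStoreToBaseline {
    param([string]$Path = $BaselinePath)

    $current = @(Get-RootStoreSnapshot)
    if (-not (Test-Path -LiteralPath $Path)) {
        # First run: record the current state as the baseline and stop.
        $current | Export-Csv -LiteralPath $Path -NoTypeInformation -Encoding UTF8
        Write-Host "Baseline written: $($current.Count) entries in $Path"
        return
    }

    # Index both sides by store + thumbprint so each store is tracked separately.
    $old = @{}; foreach ($r in Import-Csv -LiteralPath $Path) { $old["$($r.Store)|$($r.Thumbprint)"] = $r }
    $new = @{}; foreach ($r in $current) { $new["$($r.Store)|$($r.Thumbprint)"] = $r }

    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) {
            $new[$k] | Add-Member -NotePropertyName Change -NotePropertyValue 'ADDED' -PassThru
        }
    }
    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) {
            $old[$k] | Add-Member -NotePropertyName Change -NotePropertyValue 'REMOVED' -PassThru
        }
    }
}

# Review the output before re-baselining (delete the CSV to record a new baseline).
Compare-RootStoreToBaseline | Format-Table Change, Store, Thumbprint, Subject -AutoSize
```

    Run on a schedule, this gives a periodic rather than real-time check; an ADDED row is a prompt to look up the certificate's subject and thumbprint, not a verdict.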
  5. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Working nicely on Win10 x64
     
  6. haakon

    haakon Guest

    Working without apparent issues on my Windows 10 and 7 x64 systems. Whitelisting in WinAntiRansom was necessary; that's to be expected.

    I'll continue to run with the real-time guard enabled.

    I copied cert8.db and nssckbi.dll to the root of the trustmonitor folder which upon a deep scan returned results for the Mozilla Firefox root CA score. Just as it did with RCC.exe.

    Nice work! Thank you.
     
  7. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I just noticed that in the list of hashes there's none for version .008. Was wondering what the hash for that would be.
     
  8. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Good catch! I've just updated the hash list.
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I think you may also want to update version info. Some fields of interest from Windows 7 Properties Details:

    File Description: SF
    File Version: 1.2.2.1
    Product name: SF
    Product version: 1,2,2,1
    Copyright: SF 2015
    Original filename: RCC (note: as opposed to rcc.exe)
     
  10. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Much appreciated.
     
  11. itsmeWario

    itsmeWario Guest

    Hello guys!

    First thanks for that tool.
    Support for Pale Moon (http://www.palemoon.org) would be awesome!
     
  12. haakon

    haakon Guest

    Until that happens, you can do it manually. Copy the files "cert8.db" and "nssckbi.dll" from Palemoon into the directory in which RCC.exe lives. Once you run the scan, RCC will also report on the "Mozilla Firefox root CA store." Yes, they're Mozilla Firefox.
     
  13. itsmeWario

    itsmeWario Guest

    Thank you for that trick, haakon!
    Works without problems.

    ~ Removed Off Topic Remarks ~
     
    Last edited by a moderator: Jul 22, 2016
  14. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    A new version is available: 1.69.002
    Signatures have been updated and it is now possible to export results to CSV.

    Example:
    Code:
    RCC.exe /csv scanresults.csv
    
     
  15. haakon

    haakon Guest

    FYI: web page still shows 1.65.008.

    Can you update the RCC.bin file for TrustMonitor also?
    EDIT: rename RCC.exe to RCC.bin!

    Request: In the RCC.exe Properties > Details, could you please update the file version; it's always 1.2.2.1.

    Thanks for the continued development and support. :thumb:
     
    Last edited by a moderator: Jul 31, 2016
  16. haakon

    haakon Guest

    Just got around to noticing this...

    When I run RCC.exe from my own CMD shortcut, configured with the Lucida Console font, the result(s) display differently from RCC.bin/TrustMonitor (shown) or if I run RCC.exe in a default CMD window, the latter both using the Raster font.

    RCCtruncation.jpg
     
  17. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Thanks for your feedback! I'll be sure to look into these issues but won't have much time in the next few days.
     
  18. haakon

    haakon Guest

    Heads up! on this Bitdefender Active Threat Control (formerly Active Virus Control) event.

    BD-AVC-TrustMonitor.jpg

    I've been running Trustmonitor for a while, so I speculate this event is associated with today's update of avc3.qx and/or avc3.hxi.

    Note the behavior was not immediately determined to necessitate quarantine or deletion.
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Just a false positive. Thanks for reporting it!
    A new build will be posted soon anyway.
     
  20. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    RCC 1.69.005 is available.

    A new scanning profile has been added, which will highlight any root certs that are not in widespread use on the Internet.
    Such roots will be listed even if they belong to the MS root program.

    Select this mode using the /strict parameter.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    It still shows as 1.69.002 on the site ...

    Btw I see the attached.

    I am not concerned about Adguard which I have installed, or WinPrivacy which I had installed in the past.

    But I have no idea about Hotspot 2.0 Trust Root CA? Doesn't sound good. Looking at time of insertion, I upgraded to Win 10 AU (1607) around then. Is it legit or should I somehow delete it?
     

    Attached Files:

  22. guest

    guest Guest

    If it was inserted at the same time you upgraded to Win10 AU then maybe "Hotspot 2.0 Trust Root CA" is legit.
    Update: Yes, it is:
    https://social.technet.microsoft.com/wiki/contents/articles/31680.microsoft-trusted-root-certificate-program-updates.aspx
     
  23. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    On mine it works fine detecting in Pale Moon
     
  24. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    It cannot scan the cert8.db file if you have set a Master password on Firefox; in that case it doesn't detect Firefox is still running, and it doesn't throw a message that the file could not be read.
    Can we get a visual feedback of these issues?

    Update: it seems this is caused by finding the cert8.db from the palemoon profile first and then it stops searching for more, so it never hits my Firefox cert8.db file (monitored with procmon).

    Update2: confirmed, renaming the cert8.db on the palemoon profile makes the Firefox scan work as expected, it detects it's still running and is able to scan and detect a non default root CA
     
    Last edited: Aug 9, 2016
  25. itsmeWario

    itsmeWario Guest
