RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    Not sure if it matters but I have this cert too and it is good till August of 2018 and not so sure MS can remove I, even though it has weak RSA 1024.
     
  2. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    10
    Location:
    EU
    List of software: https://app.box.com/s/dy4k1ko0xpuf9dgg5g3ksbpdjn3qpy8g
    Security setup: I do not know what do you mean. I use w10 64b, Avast free, Voodooshield, Comodo FW, I use user account
    Brand PC: I build it myself
    RCC scan:https://app.box.com/s/cckn5g0kh20ua3xa23znibvpq3ydtxej
     
  3. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,885
    Location:
    Mexico
    After last update on June 25, 2017 I get same Equifax certificate:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    Number of roots in trust store: 36
    Number of roots in trust list: 362
    
    Number of 'interesting' items: 1
    
    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Authority
                           Time of insertion: 2017-05-25 05:31:48 UTC
    
    
    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.
    
    
    Hit any key to quit.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,382
    Location:
    U.S.A.
    It is listed as revoked in my root CA certificate store for Trusted Certificates on Win 10 1607.

    For anyone concerned about it, just manually delete it using certmgr.msc.
     
  5. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,885
    Location:
    Mexico
    Thanks it worked out:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    [  OK  ]    No unusual root certificates found.
    
    
    Hit any key to quit.
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,528
    Location:
    The etherlands
    I also have the Equifax certificate (different date). But I checked, it is revoked, so I guess it's OK.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,382
    Location:
    U.S.A.
    Forgot to mention, do not be surprised if it shows up again. Windows has a nasty habit of re-adding Trusted Root CA Store certificates.
     
  8. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,885
    Location:
    Mexico
    Duly noted :thumb:
     
  9. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,880
    I can see the Equifax-certificate too (not revoked) and i have moved it now to the Untrusted Certificates category (certmgr.msc).
    Now its gone (from the list of interesting items) :thumb:
     
  10. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,092
    Location:
    UK
    I got this cert' on Windows 7, I deleted it and it indeed did reappear...As per mood I have placed it in Untrusted Certificates.
     
  11. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,885
    Location:
    Mexico
    Good to know thank you.
     
  12. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    196
    On July 1st, it looks like you installed some Adobe software, as well as Office 365. I'm not aware of either auto-installing root certificates, so this is a little mysterious. It may be worth checking exactly at what time the installations were performed (look at the corresponding folder timestamps in your Program Files directory) and see if any of the timestamps match the insertion time shown by RCC.
     
  13. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,880
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,382
    Location:
    U.S.A.
    In regards to the revoked Equifax cert., deleted it from Windows root CA certificate store or moving it the untrusted certificate store has zip effect. Windows just keeps downloading it to the root CA certificate store:argh:
     
  15. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,885
    Location:
    Mexico
    Yeah yeah I noticed that today lol. Thanks. Going to move it for permanent results.
     
  16. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    117
    If you run this win10-security-plus-setup.exe program & only tick the part about certificates then the said ( Equifax cert ) gets revoke and others & stay revoked.:thumb:
     
  17. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    78
  18. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    78
    I'm unable to download this version. I only get an empty 0 bytes executable. (It has the SHA-1 hash of an empty string: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709)
    Tried with different browsers and connections. (Not related to the blacklisting mentioned above.)
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    196
    Should be OK now - thanks for the heads up.

    About the blacklisting: is it Emsisoft again? I will look into it as time permits, but OVH's suggestions were not that helpful last time...
     
  20. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    78
  21. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    147
    Location:
    West Oz
    Just ran a check, actually to look at my K-M certs, but this turned up in the M$ store:
    Number of 'interesting' items: 2

    DF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F: TWCA Root Certification Authorit
    Time of insertion: 2017-04-12 10:53:18 UTC

    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Autho
    Time of insertion: 2017-04-12 10:53:18 UTC


    The Equifax is no longer interesting, I distrusted it :), but the TWCA is #2 of two, literally one is called "1" and its twin is "2". :confused: Both of them have alerts on the Key Usage and Basic Constraints. I doubt even M$ can (would) insert a cert twice... Would they?
     
  22. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    166
    A new version 1.69.028 available but in file details it still shows as 1.69.024 ?
    It;s confusing as not sure if this an update or not ?

    Ska
     
  23. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,880
    It is 1.69.028. The file details were not renewed :)
    RCC_fileversion.png
     
  24. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    166
    Thanks , mood !

    Ska
     
Loading...