RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,475

    Not sure if it matters but I have this cert too and it is good till August of 2018 and not so sure MS can remove I, even though it has weak RSA 1024.
     
  2. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    10
    Location:
    EU
    List of software: https://app.box.com/s/dy4k1ko0xpuf9dgg5g3ksbpdjn3qpy8g
    Security setup: I do not know what do you mean. I use w10 64b, Avast free, Voodooshield, Comodo FW, I use user account
    Brand PC: I build it myself
    RCC scan:https://app.box.com/s/cckn5g0kh20ua3xa23znibvpq3ydtxej
     
  3. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,693
    Location:
    Mexico
    After last update on June 25, 2017 I get same Equifax certificate:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    Number of roots in trust store: 36
    Number of roots in trust list: 362
    
    Number of 'interesting' items: 1
    
    D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Authority
                           Time of insertion: 2017-05-25 05:31:48 UTC
    
    
    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.
    
    
    Hit any key to quit.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,962
    Location:
    U.S.A.
    It is listed as revoked in my root CA certificate store for Trusted Certificates on Win 10 1607.

    For anyone concerned about it, just manually delete it using certmgr.msc.
     
  5. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,693
    Location:
    Mexico
    Thanks it worked out:
    Code:
    RCC 1.0.69.24 - (c) 2017 Firas Salem <@hexatomium> -  All rights reserved.
    For continued use, consider making a donation or purchasing a license.
    
    Scanning baselines available: 2
    Definitions updated: 2017-06-25
    
    
    ***   Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    
    [  OK  ]    No unusual root certificates found.
    
    
    Hit any key to quit.
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,164
    Location:
    The etherlands
    I also have the Equifax certificate (different date). But I checked, it is revoked, so I guess it's OK.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,962
    Location:
    U.S.A.
    Forgot to mention, do not be surprised if it shows up again. Windows has a nasty habit of re-adding Trusted Root CA Store certificates.
     
  8. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,693
    Location:
    Mexico
    Duly noted :thumb:
     
  9. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,555
    I can see the Equifax-certificate too (not revoked) and i have moved it now to the Untrusted Certificates category (certmgr.msc).
    Now its gone (from the list of interesting items) :thumb:
     
  10. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,074
    Location:
    UK
    I got this cert' on Windows 7, I deleted it and it indeed did reappear...As per mood I have placed it in Untrusted Certificates.
     
  11. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,693
    Location:
    Mexico
    Good to know thank you.
     
  12. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    195
    On July 1st, it looks like you installed some Adobe software, as well as Office 365. I'm not aware of either auto-installing root certificates, so this is a little mysterious. It may be worth checking exactly at what time the installations were performed (look at the corresponding folder timestamps in your Program Files directory) and see if any of the timestamps match the insertion time shown by RCC.
     
  13. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,555
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,962
    Location:
    U.S.A.
    In regards to the revoked Equifax cert., deleted it from Windows root CA certificate store or moving it the untrusted certificate store has zip effect. Windows just keeps downloading it to the root CA certificate store:argh:
     
  15. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,693
    Location:
    Mexico
    Yeah yeah I noticed that today lol. Thanks. Going to move it for permanent results.
     
  16. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    116
    If you run this win10-security-plus-setup.exe program & only tick the part about certificates then the said ( Equifax cert ) gets revoke and others & stay revoked.:thumb:
     
  17. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    76
  18. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    76
    I'm unable to download this version. I only get an empty 0 bytes executable. (It has the SHA-1 hash of an empty string: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709)
    Tried with different browsers and connections. (Not related to the blacklisting mentioned above.)
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    195
    Should be OK now - thanks for the heads up.

    About the blacklisting: is it Emsisoft again? I will look into it as time permits, but OVH's suggestions were not that helpful last time...
     
  20. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    76
Loading...