RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,274
    Location:
    USA
    I believe you would have to remove the adguard certificate to get a different result when you run RCC
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,705
    Well, at present I trust AdGuard and so won't be doing that, since programs like Bitdefender and Eset use the same technology.


    "It's no secret that since version 5.7 Adguard is able to filter secured connections (https).

    For proper filtering of secured connections, a mechanism called Man-In-Middle is used. By the way, filtering of secured connections in the popular antiviruses works the same way. E.g: Eset Nod32 and Bitdefender.

    For this method to work correctly, Adguard imports its own root certificate in certificate store that your browser uses. If https-connection filtering is enabled, Adguard automatically detects browsers installed on your computer and installs the root certificate in their stores.

    The problem is that we can’t define location of the portable-browser. Therefore, for the portable-versions of browsers using its own certificate store, such as Firefox and Opera 12 and its previous versions, we have to use workarounds."
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,274
    Location:
    USA
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,705
    EMET does not work on my system.

    ~ Removed Off Topic Remarks ~


    I sure remember the old debates about hardware rootkits here, and all we got was it is a POC, now look at all that HAS happened in the past 5 years. Stop fear mongering!!!
    Well it is here and it is here to stay !!! my friends.

    The old remedy was to reformat and as you know that doesn't work now. If you get hit by one of these all you can do is burn your entire computer and buy a new one and hope even that has not been compromised. Right?
     
    Last edited by a moderator: Jul 20, 2015
  5. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
  6. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    68
    Not sure what EMET has to do with this thread?
     
    Last edited: Jul 25, 2015
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,856
    There is no need for workarounds for Firefox or Chrome/Opera (Chromium forks). At least those root stores are safer than this vulnerable MITM rubbish. Also there exists an investigation that almost all security products are somehow vulnerable themselves.

    cheers
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    3,539
    Location:
    U.S.A.
    No activity for its Wilders thread in over a month. Also web site download link is off-line.

    Someone shut it down?
     
  9. Cactus5

    Cactus5 Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    24
    Location:
    Southwest USA
    @svenfaw I would very much like to download a new version of RCC. I tried to download some time ago and the status was moving. Now it's just gone. Is there a new place to get RCC? Hope you are well.
     
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Hi, I'd love to give a better answer but it's not available for download at this time, I'm afraid. Hopefully I'll be able to share some more information soon.
     
  11. Cede

    Cede Registered Member

    Joined:
    Sep 12, 2015
    Posts:
    1
    Please post the word "Donkey" if you are not under a legal obligation to withhold the information.
     
  12. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Rest assured it's nothing of the sort.
     
  13. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    RCC is back, with a new build available for download. I will post more info in the next few days. Too many things to do, too little time...

    Version: 1.54.241
    SHA1: 4644590cf15ad3f6258cfa03c42f4486020cbdf9
     
  14. Cactus5

    Cactus5 Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    24
    Location:
    Southwest USA
    @svenfaw, where can this new RCC be downloaded from? The original link in the first post doesn't work. I see no other mention of another site and nothing about it on your blog.

    Thanks
     
  15. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    784
    Location:
    UK

    The link worked fine for me... Downloaded and run.

    Try this...

    http://trax.x10.mx/dl_rcc.php?appname=RCC.exe


    Obviously check the sha1.
     
    Last edited by a moderator: Nov 2, 2015
  16. haakon

    haakon Guest

    v1.54.241 working A-OK in Windows 7 HP SP1 x64, including the portable Mozilla cert8.db and nssckbi.dll workaround.

    Nice work, svenfaw. :thumb:
     
  17. Cactus5

    Cactus5 Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    24
    Location:
    Southwest USA
    Thanks @clubhouse1, that worked once I disconnected from my VPN.
     
  18. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    Reports "Symantec Enterprise Mobile Root for M" (icrsoft?).

    I don't run any Symantec software on my system...
     
  19. girioni

    girioni Registered Member

    Joined:
    Mar 31, 2015
    Posts:
    11
    Not sure if relevant, as I don't understand Italian, but a quick Google search turned this up:

    https://wikileaks.org/hackingteam/emails/emailid/522525
     
  20. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    I'm afraid I don't understand the English translation by Google. Anyone Italian here that can explain what is published there?

    Anyone else getting this certificate reported by RCC?
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    3,539
    Location:
    U.S.A.
    That cert. is an enterprise cert. used by Windows Phone. Info on how to install it is here: https://knowledge.symantec.com/supp...=content&id=SO20770&actp=RSS&viewlocale=en_US

    I assume neither applies to you? Just verify your root CA certs. using certmgr.msc to ensure it's not there. If it is, just delete it if not needed. I am pretty sure this Symantec Root cert. is not part of the standard cert. issue package from MS unless it was added for WIN 10?
     
  22. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    I have no Windows Phone and I don't use any Symantec software.
     
  23. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    See what the insertion time is and cross-match that with software installation timestamps (Programs and Features control panel) to try and find the culprit:

    ins.png

    Might be worth a shot.
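
The cross-match suggested in the post above, as an added example that is not part of the original post and not RCC's own code. It assumes a certificate's insertion time can be approximated by the last-write time of its registry key under the machine-wide Root store, and that installed programs record an `InstallDate` value; the sample program names are made up.

```python
from datetime import datetime, timedelta, timezone

# Assumed registry locations: machine-wide Root store and the uninstall list.
ROOT = r"SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates"
UNINSTALL = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UTC = timezone.utc

def filetime_to_dt(ticks):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=UTC) + timedelta(microseconds=ticks // 10)

def subkeys(path):
    """Windows only: yield (name, open key, last-write time) for each subkey."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as parent:
        for i in range(winreg.QueryInfoKey(parent)[0]):
            name = winreg.EnumKey(parent, i)
            with winreg.OpenKey(parent, name) as key:
                yield name, key, filetime_to_dt(winreg.QueryInfoKey(key)[2])

def live_data():
    """Windows only: ({thumbprint: insertion time}, [(program, install day)])."""
    import winreg
    certs = {thumb: when for thumb, _, when in subkeys(ROOT)}
    programs = []
    for _, key, _ in subkeys(UNINSTALL):
        try:
            name = winreg.QueryValueEx(key, "DisplayName")[0]
            day = datetime.strptime(winreg.QueryValueEx(key, "InstallDate")[0], "%Y%m%d")
        except (OSError, ValueError, TypeError):
            continue  # entry lacks a usable name or install date
        programs.append((name, day.replace(tzinfo=UTC)))  # local date treated as UTC
    return certs, programs

def suspects(inserted, programs, window_days=1):
    """Programs installed within window_days of the insertion, closest first."""
    window = timedelta(days=window_days)
    hits = sorted((abs(day - inserted), name, day) for name, day in programs
                  if abs(day - inserted) <= window)
    return [(name, day.date().isoformat()) for _, name, day in hits]

# Constructed sample: July 10, 2015 is the date reported in the thread; the
# time of day and the program names are made up.
SAMPLE_INSERTED = datetime(2015, 7, 10, 14, 2, tzinfo=UTC)
SAMPLE_PROGRAMS = [("Example Driver Pack", datetime(2015, 7, 9, tzinfo=UTC)),
                   ("Example VPN Client", datetime(2015, 7, 10, tzinfo=UTC)),
                   ("Example Editor", datetime(2015, 8, 3, tzinfo=UTC))]

if __name__ == "__main__":
    print(suspects(SAMPLE_INSERTED, SAMPLE_PROGRAMS))
```

On a Windows machine, `certs, programs = live_data()` followed by `suspects(certs[thumbprint], programs)` runs the same comparison against the real store; an empty result means no recorded install date falls inside the window.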
     
  24. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    302
    Location:
    Swiss
    Thanks for the update.

    The name of E13CE7983517E81453BDE6B6840B955CC4B648A0 certificate is wrong, it shows SK but it's trusted ESET SSL Filter CA on Windows 10 x64.


    With CTInfo 1.20 I get 349 certs (trusted) and 61 untrusted. If I click on 'details' it shows 349, but wouldn't it be better to show only the untrusted ones to compare and move this button to the other side, because it is a bit confusing.

    http://imagizer.imageshack.com/img910/5198/WsZCfH.png


    Edit:
    Maybe the possibility to mark specific certs 'trusted' would be good, or a feedback button to report or upload it. Because it's a bit annoying to see legit certs in big red as untrusted, I know they are external but anyway.
     
    Last edited: Nov 3, 2015
  25. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    Good suggestion!

    Unfortunately unsuccessful: the certificate is reported to be installed on July 10, 2015. That's weird because it's on my Windows 10 system that I clean installed after the release of Windows 10 (which was July 29 I believe).
     