RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Thanks for the feedback. I'll fix the display name issue in the next build.

    I agree the way CTLInfo presents things could be improved. Will look into it when time permits.

    BTW I can see you also have the "Symantec Enterprise Mobile Root" cert. It could be something new in Windows 10, although it's strange that it is not officially documented. Based on the other certs detected, I'm guessing that you were beta testing early releases of Windows 10?
     
  2. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    I checked 3 more Windows 10 PCs. They all have this Symantec certificate, but the dates differ…

    These PCs have never been part of the Insider program (but have all been set up by me).
     
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    @CHEFKOCH: The display name issue should be fixed in the latest beta available here.
    (SHA1: de57e3931bb381b629e0ed762e0293cd3813be0f)

    @XIII: I'm currently trying to confirm the details of this Symantec certificate with Microsoft.
     
  4. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    491
    Thanks!
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    302
    Location:
    Swiss
    Hello, svenfaw, sorry for the late response from me. And thanks for v.1.55.247 beta.

    The Symantec Cert is present on all systems I checked, Enterprise, Pro and Home (win 10 x64). So I think this is integrated by default. It was quickly tested on fresh systems.


    The other certificate is F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB (Microsoft Development Root Certificat), which is also present by default (for me). I do not know what exactly this is designed for, but I think it has to do with the Store/Apps. If someone finds out more, please feel free to share your knowledge.
     
  6. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    63
    This is gonna be big... The ~Phrase removed~ has not even started yet:

    Yes, that's another Root CA bundled with its private key besides "eDellRoot".
     
    Last edited by a moderator: Nov 23, 2015
  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    302
    Location:
    Swiss
    Yes, to remove the dell certificate you can use cmd as admin with:
    certutil -v -revoke "6b c5 7b 95 18 93 aa 97 4b 62 4a c0 88 fc 3b b6" 1
    and check against https://edell.tlsfun.de if you're secure or affected. I think that mentioned Dell Certificate needs to be marked as 'bad'. It's very similar to the Superfish story but this time with Dell.
     
  8. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    280
    Location:
    USA
    Thanks for the test link.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    3,539
    Location:
    U.S.A.
    Removing the eDellRoot cert. alone is not enough. You also have to stop and disable Dell Foundation Services as noted below. Otherwise, the eDellRoot cert. will be reinstalled at next boot time.

    To remove the certificate if you are affected:

    - stop and disable Dell Foundation Services
    - delete the eDellRoot CA (start certmgr.msc, select "Trusted Root Certification Authorities" and "Certificates". Look for eDellRoot)

    Ref.: https://isc.sans.edu/diary/Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA/20411
     
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Apparently this is not enough:

    From http://www.pcworld.com/article/3008...y-error-widens-as-researchers-dig-deeper.html:

    EDIT: itman was faster!

    And yes, there is a second rogue Dell certificate reported to be present on some models:
    02C2D931062D7B1DC2A5C7F5F0685064081FB221: DSDTestProvider
     
    Last edited: Nov 24, 2015
  11. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    Dell recommends deleting a DLL file after stopping the service:
    Open "File Explorer" and navigate to "c:\Program Files\Dell\Dell Foundation Services" and delete the "Dell.Foundation.Agent.Plugins.eDell.dll" file.

    Dell also provides a removal tool.

    In the meantime, the online check was updated to also detect the second Dell certificate.
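
    The removal steps from the posts above (stop and disable Dell Foundation Services, delete the plugin DLL, delete the two certificates) collected into one PowerShell script. This is an added example, not part of any post and not Dell's removal tool. It also lists every trusted root that has a private key stored with it, the property reported above for eDellRoot. Matching the service by its display name and matching the certificates by subject name are assumptions; the thumbprint and the DLL path are the ones quoted in the thread.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session.
# Values taken from the posts above: the DSDTestProvider thumbprint, the names
# eDellRoot / DSDTestProvider, and the plugin DLL path.
# Assumptions: the service is found by display name; subjects contain CN=<name>.

$RogueThumbprints = @('02C2D931062D7B1DC2A5C7F5F0685064081FB221')   # DSDTestProvider
$RogueSubjects    = @('eDellRoot', 'DSDTestProvider')
$PluginDll        = 'C:\Program Files\Dell\Dell Foundation Services\Dell.Foundation.Agent.Plugins.eDell.dll'

function Find-SuspectRoot {
    # Walk both trusted-root stores and report certificates that either match
    # the names from the thread or carry a private key on this machine.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        foreach ($cert in Get-ChildItem -Path $store) {
            $reasons = @()
            if ($RogueThumbprints -contains $cert.Thumbprint) {
                $reasons += 'thumbprint named in thread'
            }
            foreach ($name in $RogueSubjects) {
                if ($cert.Subject -like "*CN=$name*") {
                    $reasons += "subject matches $name"
                }
            }
            if ($cert.HasPrivateKey) {
                # A root CA normally ships as a public certificate only.
                $reasons += 'private key stored with trusted root'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Path       = $cert.PSPath
                    Thumbprint = $cert.Thumbprint
                    Subject    = $cert.Subject
                    NotAfter   = $cert.NotAfter
                    Reasons    = $reasons -join '; '
                }
            }
        }
    }
}

function Remove-DellRogueRoot {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # 1. Stop and disable the service first; otherwise the certificate is
    #    reinstalled at the next boot.
    Get-Service -DisplayName 'Dell Foundation Services*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.DisplayName, 'Stop and disable service')) {
                Stop-Service -InputObject $_ -Force
                Set-Service -Name $_.Name -StartupType Disabled
            }
        }

    # 2. Delete the plugin DLL named in the thread, if present.
    if (Test-Path -LiteralPath $PluginDll) {
        if ($PSCmdlet.ShouldProcess($PluginDll, 'Delete plugin DLL')) {
            Remove-Item -LiteralPath $PluginDll -Force
        }
    }

    # 3. Remove only certificates matched by name or thumbprint. Roots flagged
    #    solely for holding a private key are left for manual review.
    Find-SuspectRoot |
        Where-Object { $_.Reasons -match 'thumbprint|subject' } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Subject, 'Remove from trusted root store')) {
                Remove-Item -LiteralPath $_.Path
            }
        }
}

# Report first, then preview the changes without applying them.
Find-SuspectRoot | Format-Table Thumbprint, Subject, NotAfter, Reasons -AutoSize
Remove-DellRogueRoot -WhatIf
```

    Drop `-WhatIf` to apply the changes. A root flagged only for its private key may be a self-created CA or a local debugging proxy's certificate, so review those entries rather than deleting them automatically.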
     
  12. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    91 certificate warnings...!
    I guess all false positives, due to outdated database.

    In my opinion RCC is not recommendable, without realtime update of baseline database.

    http://abload.de/img/rccwarningsh3u0i.png
     
  13. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    63
    Try this one. http://trax.x10.mx/beta/RCC_155.exe
     
    Last edited by a moderator: Nov 26, 2015
  14. sound grammar

    sound grammar Registered Member

    Joined:
    Jan 17, 2010
    Posts:
    2
    hi

    Despite my attempts to understand this I find I am still woefully ignorant, but this is important so please bear with me.

    Just tried the latest RCC beta as above (blank lines removed) on my ancient Dell Inspiron 6400, which I upgraded (not clean install) from Windows 7 to Windows 10 and now 1511:

    RCC 1.55.247 beta - (c) 2015 @hexatomium - All rights reserved.
    For long-term use in a production environment, please email cubaguy@gmail.com.
    Scanning baselines available: 1
    Definitions updated: 2015-11-15
    *** Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)
    Number of 'interesting' items: 4 (Not part of baseline)
    CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195: Generic Root Trust CA
    Time of insertion: 2015-11-16 16:24:40 UTC
    8206D79D4BE68447996A72383B958CA5A367D2B5: BiniSoft.org
    Time of insertion: 2015-11-16 16:24:40 UTC
    901E7A5450CDCE620209A5C8126FADA27BFA19EC: BiniSoft.org
    Time of insertion: 2015-11-16 16:24:40 UTC
    92B46C76E13054E104F230517E6E504D43AB10B5: Symantec Enterprise Mobile Root for M
    Time of insertion: 2015-11-16 16:11:09 UTC
    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.
    *** Scanning Mozilla Firefox root CA store...
    [ OK ] No unusual root certificates found in cert8.db store.
    Hit any key to quit.

    When I use certmgr.msc I find them all in the Trusted Root Certification Authorities section.

    The two Binisoft certificates have expiration dates of 27/2/15 and 17/1/15 and Properties shows their Certification Purposes as "Disable all properties for this certificate".

    The first Generic Root Trust CA one has an expiration date of 31/12/2039 and is also marked as "Disable all properties for this certificate".

    The Symantec one has an expiration date of 14/3/2032 and a purpose enabled called "Code Signing".

    Am I correct in assuming that the first three are probably remnants of an installation and the certificates are permanently disabled (because they're expired and have no certification purpose enabled) or do I need to do more?

    I don't understand what the Time of insertion field is in the report but I believe it changes on subsequent runs - it is different to the non-beta version I tried first.

    Thanks
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,856
    Last edited by a moderator: Nov 27, 2015
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    @Gapliin:
    I scanned again using the recommended Beta RC155...
    Same result, 91 "interesting" Root-Certificates

    I could sort out one, my self-created and signed certificate.

    Zemana Antimalware did not find any of those 90 suspicious,
    so I guess 90 false positives, due to outdated baseline definitions.

    Any recommendations to verify?
     
  17. sound grammar

    sound grammar Registered Member

    Joined:
    Jan 17, 2010
    Posts:
    2
    Thanks for your help Brummelchen. I realised with the help of your post (doh!) that I could search for the "long hex name of the certificate", which must be some kind of identity (?), and see the missing bits of information. I did say I have lots of gaps in my map of the certificate territory, some of which are plugged with your kind help. I think my biggest gap now is that even knowing the high risk certificate that is the last in the list, I'm not sure how to go about neutralising it. Is it just me or is there a gap in the tool kit concerning prevention, detection, verification and neutralising of the whole area concerning SSL, TLS, PKI, certificates etc that falls between virus, firewall, and other threat management tools...
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,146
    Location:
    USA
    I had 90 all inserted at same time. When I run the scan now it finds none.
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Could you post the results as text (not a screenshot)?

    I think they are all obsolete entries but would like to check.
    Also, it would be helpful to find out what happened on 11/24/2015 19:13:59 UTC.
    Did you reinstall your OS on that day? Any other relevant system changes?

    By the way I have started working on a database-less version of RCC, which would require no regular updates.
     
    Last edited: Nov 29, 2015
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    OS is WIN8.1, running for more than a year.

    No major change, except updating HMP.Alert to 3.1 build 340


    RCC 1.55.247 beta - (c) 2015 @hexatomium - All rights reserved.
    For long-term use in a production environment, please email cubaguy@gmail.com.

    Scanning baselines available: 1
    Definitions updated: 2015-11-15


    *** Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)


    Number of 'interesting' items: 90 (Not part of baseline)



    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.


    *** Scanning Mozilla Firefox root CA store...

    Scan suspended: make sure Firefox is not running and try again.

    Hit any key to quit.
     
  21. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    Yes, these certificates are no longer valid (expired or removed from distribution). How you suddenly got them on 2015-11-24 is anyone's guess. Perhaps an autoupdate glitch?
     
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    After deleting all expired certificates from my store, there are still 47 left..

    now they say inserted at 11.28.2015 :confused:
    RCC 1.55.247 beta - (c) 2015 @hexatomium - All rights reserved.
    For long-term use in a production environment, please email cubaguy@gmail.com.

    Scanning baselines available: 1
    Definitions updated: 2015-11-15


    *** Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)


    Number of 'interesting' items: 47 (Not part of baseline)

     
    Last edited: Nov 28, 2015
  23. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    The timestamp changes are strange - perhaps you have some other security software that is interfering/monitoring your certs?

    Also, are you sure you posted the full output? I can only see 18 certs in the last list.
    I believe they should also be removed by the way, as they were all removed from the MS CTL for a variety of reasons.

    However, before doing so, I would suggest backing up your system.
     
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    627
    Location:
    Baden Germany
    Sorry, copy and paste mistake...

    For my configuration: see my signature for the office machine

    BTW: Can't run any version of RCC anymore
    It says certificate list out of date and terminates...

    RCC 1.55.247 beta - (c) 2015 @hexatomium - All rights reserved.
    For long-term use in a production environment, please email cubaguy@gmail.com.

    Scanning baselines available: 1
    Definitions updated: 2015-11-15


    *** Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)


    Number of 'interesting' items: 47 (Not part of baseline)



    The items highlighted above might represent a security risk. It is highly
    recommended to review their purpose, and distrust them if appropriate.


    *** Scanning Mozilla Firefox root CA store...

    Scan suspended: make sure Firefox is not running and try again.

    Hit any key to quit.
     
    Last edited: Nov 28, 2015
  25. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    158
    I posted a new version today, with an updated database.
     