Hello, Some security softwares (i think) auto-allow when a software is digitally signed by a trusted vendor and it is on their trusted certificate list. Someone might call this some kind of a whitelist. However there are some malwares that is signed(stolen) by a trusted certificate vendor, for example, some malwares are signed by Comodo CA. So, if i'm using comodo product(s) and i run malware .exe which is signed by Comodo CA certificate, so can it run and do its malicious activities. Is there a way to check certificate authentication, parent signer, digital fingerprint etc that its really legit and not stolen?