Advice Request Internet Security Essentials-Untrusted Root Certificates

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
After updating Comodo firewall, I am getting alerts from Internet Security Essentials about untrusted root certificates between Chrome and some sites. Anyone know if these root certificates are installed with Chrome by default, or is this something else? The sites were all fine, like Outlook, etc. (don't recall the sites between by name-there were 5 alerts for about 11 tabs), but I just want to make sure that the certificates are legit and OK. I allowed the certificates once, so I should see the alerts again when I open Chrome next time if that would help. Thanks.

Edit: Just got another alert this time about the netcraft extension. So I guess my question is did Chrome install the Amazon root certificate?

ISE Alert.png
 
Last edited:
  • Like
Reactions: ZeroDay, Vasudev, Sunshine-boy and 5 others
5

509322

AtlBo said:
After updating Comodo firewall, I am getting alerts from Internet Security Essentials about untrusted root certificates between Chrome and some sites. Anyone know if these root certificates are installed with Chrome by default, or is this something else? The sites were all fine, like Outlook, etc. (don't recall the sites between by name-there were 5 alerts for about 11 tabs), but I just want to make sure that the certificates are legit and OK. I allowed the certificates once, so I should see the alerts again when I open Chrome next time if that would help. Thanks.

Edit: Just got another alert this time about the netcraft extension. So I guess my question is did Chrome install the Amazon root certificate?

View attachment 196061
Click to expand...

Chrome doesn't install an Amazon certificate. With the infos you have given, there is no way to tell exactly what is or has happened. The best place to get answers is COMODO support.
 
  • Like
Reactions: ZeroDay, Vasudev, harlan4096 and 2 others
F

ForgottenSeer 58943

Go into the certmgr.msc and get a look at that cert and see what it's up to.

Also while in there, check to see if you have the revoked Equifax one that everyone mysteriously has. It was revoked, but won't properly remove from most systems, so you need to disable it's functionality. I'd strongly advise people keep tabs on their certificate stores in Windows as it's an attack vector.

Also remember, many MiTM systems install RCA's on your box, sometimes without your awareness. In the corporate world, for internal surveillance, companies drop RCA's on the backend of peoples systems for SSL decryption of traffic in real-time.

RCA.png
 
  • Like
Reactions: Av Gurus, Gandalf_The_Grey, woodrowbone and 8 others
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Thanks for the information. I do have the Equifax certificate, so I disabled it as you show in your picture. The other alerts, barring the Amazon alert, were for certficates that are on the machine and I notice on your machine @ForgottenSeer 58943. I guess Comodo has a problem with those holders of certificates, since the alert calls the certificate untrusted, while apparently MS disagrees.

No idea how the Amazon certificate factors into an alert. I could only think that maybe Netcraft updates from an Amazon server and maybe Comodo doesn't like Amazon's "ways"...idk anything about certificates really...
 
  • Like
Reactions: Gandalf_The_Grey, lowdetection, Sunshine-boy and 2 others
F

ForgottenSeer 58943

AtlBo said:
Thanks for the information. I do have the Equifax certificate, so I disabled it as you show in your picture. The other alerts, barring the Amazon alert, were for certficates that are on the machine and I notice on your machine @ForgottenSeer 58943. I guess Comodo has a problem with those holders of certificates, since the alert calls the certificate untrusted, while apparently MS disagrees.

No idea how the Amazon certificate factors into an alert. I could only think that maybe Netcraft updates from an Amazon server and maybe Comodo doesn't like Amazon's "ways"...idk anything about certificates really...
Click to expand...

The certs on that machine shown are from a fresh Win10 install from 48 hours ago. So they are basically what's default on a fresh install and update. That Equifax Revoked pile of junk will show up regardless of what you do. If you manually revoke it, it will re-appear as a trusted. So all you can do is disable the thing and move on.

As for the other ones, possibly Comodo FPs.
 
  • Like
Reactions: lowdetection, stefanos, Sunshine-boy and 1 other person
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
ForgottenSeer 58943 said:
As for the other ones, possibly Comodo FPs.
Click to expand...

Likeliest to be the case with ISE, which just seems to break things on PCs here (y) Actually, I don't recall very many alerts before this jailbreak, recalling that Comodo just updated lol (I had meant to block the ISE installation not sure how it got by)...
 
  • Like
Reactions: Nestor
5

509322

AtlBo said:
Likeliest to be the case with ISE, which just seems to break things on PCs here (y) Actually, I don't recall very many alerts before this jailbreak, recalling that Comodo just updated lol (I had meant to block the ISE installation not sure how it got by)...
Click to expand...

Like I said earlier, the only way to get to the bottom of it is to take it directly to COMODO support or the COMODO forum. Otherwise it is just speculation.
 
  • Like
Reactions: ZeroDay and Nestor
F

ForgottenSeer 58943

lowdetection said:
I tried also on my machines, they are clean formatted from July, and the Equifax was present,

thanks to @ForgottenSeer 58943 for giving insights about this security problem (y)
Click to expand...

Removing the cert won't do it, it will often be re-installed. IMO it's best to leave it, then disable it manually. That renders the cert impotent to any active use of it while tricking the system that it is still there under trusted and active. It's also possible to make adjustments in the registry for more permanent solutions.
 
  • Like
Reactions: Andy Ful and Nestor
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Bitdefender and Trend Micro security software patched after critical vulnerabilities exposed
Replies
0
Views
1,179
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Brahman
    • Like
    • Wow
    • +Reputation
Security News Secure Boot is completely broken on 200+ models from 5 big device makers
Replies
0
Views
2,412
Security News
Brahman
Brahman
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
AV-Comparatives Mac Security Test & Review 2024
Replies
2
Views
446
Security Statistics and Reports
SpiderWeb
SpiderWeb

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top