Status
Not open for further replies.

AtlBo

After updating Comodo firewall, I am getting alerts from Internet Security Essentials about untrusted root certificates between Chrome and some sites. Anyone know if these root certificates are installed with Chrome by default, or is this something else? The sites were all fine, like Outlook, etc. (don't recall the sites between by name-there were 5 alerts for about 11 tabs), but I just want to make sure that the certificates are legit and OK. I allowed the certificates once, so I should see the alerts again when I open Chrome next time if that would help. Thanks.

Edit: Just got another alert, this time about the Netcraft extension. So I guess my question is: did Chrome install the Amazon root certificate?

ISE Alert.png
 
509322

After updating Comodo firewall, I am getting alerts from Internet Security Essentials about untrusted root certificates between Chrome and some sites. Anyone know if these root certificates are installed with Chrome by default, or is this something else? The sites were all fine, like Outlook, etc. (don't recall the sites between by name-there were 5 alerts for about 11 tabs), but I just want to make sure that the certificates are legit and OK. I allowed the certificates once, so I should see the alerts again when I open Chrome next time if that would help. Thanks.

Edit: Just got another alert, this time about the Netcraft extension. So I guess my question is: did Chrome install the Amazon root certificate?


Chrome doesn't install an Amazon certificate. With the info you have given, there is no way to tell exactly what is happening or has happened. The best place to get answers is COMODO support.
 

Slyguy

Go into certmgr.msc and take a look at that cert and see what it's up to.

Also while in there, check to see if you have the revoked Equifax one that everyone mysteriously has. It was revoked, but won't properly remove from most systems, so you need to disable its functionality. I'd strongly advise people keep tabs on their certificate stores in Windows as it's an attack vector.

Also remember, many MiTM systems install RCAs on your box, sometimes without your awareness. In the corporate world, for internal surveillance, companies drop RCAs on the backend of people's systems for SSL decryption of traffic in real-time.

RCA.png
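
One way to keep tabs on the root stores as the post above advises, written as an added example that is not part of the original thread. The baseline file path is an assumption; the script reports trusted roots that are expired or also listed as untrusted, then shows any roots added or removed since the first run.

```powershell
# Added example (not from the thread): audit the Windows trusted-root stores.
# Assumption: the baseline lives at $BaselinePath; change it to suit your machine.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'root-store-baseline.csv'
$RootStores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# One flat record per root certificate, keyed by store + thumbprint.
$current = foreach ($store in $RootStores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter.ToString('yyyy-MM-dd')
            Expired    = ($_.NotAfter -lt (Get-Date))
        }
    }
}

# Thumbprints in the "Untrusted Certificates" (Disallowed) stores.
$disallowed = Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed' |
    Select-Object -ExpandProperty Thumbprint

Write-Host "Trusted roots that are expired or also listed as untrusted:"
$current | Where-Object { $_.Expired -or ($disallowed -contains $_.Thumbprint) } |
    Format-Table Store, Subject, NotAfter, Thumbprint -AutoSize | Out-Host

if (-not (Test-Path $BaselinePath)) {
    # First run: record what is there now. Review the list in certmgr.msc before relying on it.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline written to $BaselinePath ($(@($current).Count) roots)."
}
else {
    # Later runs: report roots added or removed since the baseline.
    # The baseline is never overwritten automatically; delete the file to re-baseline.
    $baseline = Import-Csv -Path $BaselinePath
    $changes  = Compare-Object $baseline $current -Property Store, Thumbprint -PassThru
    if ($changes) {
        Write-Host "Root store changes since baseline:"
        $changes | Format-Table @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' } } },
            Store, Subject, Thumbprint -AutoSize | Out-Host
    }
    else { Write-Host "No root store changes since baseline." }
}
```

Running it again after installing or updating security software shows whether that software added its own root; each ADDED thumbprint can then be looked up in certmgr.msc.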
 

AtlBo

Thanks for the information. I do have the Equifax certificate, so I disabled it as you show in your picture. The other alerts, barring the Amazon alert, were for certificates that are on the machine and I notice on your machine @Slyguy. I guess Comodo has a problem with those holders of certificates, since the alert calls the certificate untrusted, while apparently MS disagrees.

No idea how the Amazon certificate factors into an alert. I could only think that maybe Netcraft updates from an Amazon server and maybe Comodo doesn't like Amazon's "ways"...idk anything about certificates really...
 

Slyguy

Thanks for the information. I do have the Equifax certificate, so I disabled it as you show in your picture. The other alerts, barring the Amazon alert, were for certificates that are on the machine and I notice on your machine @Slyguy. I guess Comodo has a problem with those holders of certificates, since the alert calls the certificate untrusted, while apparently MS disagrees.

No idea how the Amazon certificate factors into an alert. I could only think that maybe Netcraft updates from an Amazon server and maybe Comodo doesn't like Amazon's "ways"...idk anything about certificates really...

The certs on that machine shown are from a fresh Win10 install from 48 hours ago. So they are basically what's default on a fresh install and update. That Equifax Revoked pile of junk will show up regardless of what you do. If you manually revoke it, it will re-appear as trusted. So all you can do is disable the thing and move on.

As for the other ones, possibly Comodo FPs.
 

AtlBo

As for the other ones, possibly Comodo FPs.

Likeliest to be the case with ISE, which just seems to break things on PCs here (y) Actually, I don't recall very many alerts before this jailbreak, recalling that Comodo just updated lol (I had meant to block the ISE installation not sure how it got by)...
 
509322

Likeliest to be the case with ISE, which just seems to break things on PCs here (y) Actually, I don't recall very many alerts before this jailbreak, recalling that Comodo just updated lol (I had meant to block the ISE installation not sure how it got by)...

Like I said earlier, the only way to get to the bottom of it is to take it directly to COMODO support or the COMODO forum. Otherwise it is just speculation.
 

Slyguy

I tried also on my machines, they are clean formatted from July, and the Equifax was present,

thanks to @Slyguy for giving insights about this security problem (y)

Removing the cert won't do it, it will often be re-installed. IMO it's best to leave it, then disable it manually. That renders the cert impotent to any active use of it while tricking the system that it is still there under trusted and active. It's also possible to make adjustments in the registry for more permanent solutions.
 