Advice Request Internet Security Essentials-Untrusted Root Certificates


Status
Not open for further replies.

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
After updating Comodo firewall, I am getting alerts from Internet Security Essentials about untrusted root certificates between Chrome and some sites. Anyone know if these root certificates are installed with Chrome by default, or is this something else? The sites were all fine, like Outlook, etc. (don't recall the sites between by name-there were 5 alerts for about 11 tabs), but I just want to make sure that the certificates are legit and OK. I allowed the certificates once, so I should see the alerts again when I open Chrome next time if that would help. Thanks.

Edit: Just got another alert this time about the netcraft extension. So I guess my question is did Chrome install the Amazon root certificate?

ISE Alert.png
 

509322

Chrome doesn't install an Amazon certificate. With the information you have given, there is no way to tell exactly what is or has happened. The best place to get answers is COMODO support.
 

ForgottenSeer 58943

Go into the certmgr.msc and get a look at that cert and see what it's up to.

Also while in there, check to see if you have the revoked Equifax one that everyone mysteriously has. It was revoked, but won't properly remove from most systems, so you need to disable its functionality. I'd strongly advise people keep tabs on their certificate stores in Windows as it's an attack vector.

Also remember, many MiTM systems install RCAs on your box, sometimes without your awareness. In the corporate world, for internal surveillance, companies drop RCAs on the backend of people's systems for SSL decryption of traffic in real-time.

RCA.png
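
One way to script the "keep tabs on your certificate stores" advice above, as an added example that is not part of the thread or of any poster's reply: it lists the Windows root and untrusted stores, looks up a certificate by name, and reports changes against a saved baseline. The baseline path and the `$NameFilter` value are assumptions chosen for illustration.

```powershell
# Added example: audit the Windows root certificate stores and diff them against a baseline.
# $BaselinePath is an assumed location; use any file you control.
$BaselinePath = Join-Path $env:USERPROFILE 'root-cert-baseline.csv'
# Assumed search term: part of the subject named in an alert or seen in certmgr.msc.
$NameFilter   = 'Equifax'

# Root = trusted root CAs, Disallowed = "Untrusted Certificates" in certmgr.msc.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'

$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            Expired    = $_.NotAfter -lt (Get-Date)
        }
    }
}

Write-Host "Certificates whose subject matches '$NameFilter':"
$current | Where-Object Subject -like "*$NameFilter*" |
    Format-Table Store, Thumbprint, Expired, Subject -AutoSize

# The CurrentUser view also shows machine-wide roots, so anything listed there
# but absent from LocalMachine\Root was added for this account only.
$machineRoots = ($current | Where-Object Store -eq 'Cert:\LocalMachine\Root').Thumbprint
Write-Host 'Roots trusted for this user only:'
$current |
    Where-Object { $_.Store -eq 'Cert:\CurrentUser\Root' -and $_.Thumbprint -notin $machineRoots } |
    Format-Table Thumbprint, NotAfter, Subject -AutoSize

if (Test-Path $BaselinePath) {
    # '=>' = present now but not in the baseline (added); '<=' = removed since the baseline.
    Write-Host 'Changes since the baseline was saved:'
    Compare-Object (Import-Csv $BaselinePath) $current -Property Store, Thumbprint -PassThru |
        Format-Table SideIndicator, Store, Thumbprint, Subject -AutoSize
} else {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline saved to $BaselinePath; run again later to see changes."
}
```

Run it once on a system you consider clean to create the baseline, then again after installing or updating software that filters HTTPS traffic; any `=>` row under a Root store is a new trusted root worth opening in certmgr.msc.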
 

AtlBo

Thanks for the information. I do have the Equifax certificate, so I disabled it as you show in your picture. The other alerts, barring the Amazon alert, were for certificates that are on the machine and I notice on your machine @ForgottenSeer 58943. I guess Comodo has a problem with those holders of certificates, since the alert calls the certificate untrusted, while apparently MS disagrees.

No idea how the Amazon certificate factors into an alert. I could only think that maybe Netcraft updates from an Amazon server and maybe Comodo doesn't like Amazon's "ways"...idk anything about certificates really...
 

ForgottenSeer 58943

The certs on that machine shown are from a fresh Win10 install from 48 hours ago. So they are basically what's default on a fresh install and update. That Equifax Revoked pile of junk will show up regardless of what you do. If you manually revoke it, it will re-appear as a trusted. So all you can do is disable the thing and move on.

As for the other ones, possibly Comodo FPs.
 

AtlBo

Likeliest to be the case with ISE, which just seems to break things on PCs here (y) Actually, I don't recall very many alerts before this jailbreak, recalling that Comodo just updated lol (I had meant to block the ISE installation not sure how it got by)...
 

509322

Like I said earlier, the only way to get to the bottom of it is to take it directly to COMODO support or the COMODO forum. Otherwise it is just speculation.
 

ForgottenSeer 58943

I tried also on my machines, they are clean formatted from July, and the Equifax was present,

thanks to @ForgottenSeer 58943 for giving insights about this security problem (y)

Removing the cert won't do it, it will often be re-installed. IMO it's best to leave it, then disable it manually. That renders the cert impotent to any active use of it while tricking the system that it is still there under trusted and active. It's also possible to make adjustments in the registry for more permanent solutions.
 