Gandalf_The_Grey

Level 13
Verified
Introduction of this tool: RCC - check your system's trusted root certificate store
How do you determine, out of the hundreds of root certificates a typical Windows system trusts, which ones are actually supposed to be there and which ones have been added "behind your back"?

RCC is a tool that quickly inspects the root certificates trusted by Windows and Mozilla Firefox, and pinpoints possible issues. For instance, it is able to detect funky root certificates installed by Superfish or other unknown threats.

RCC does not require admin rights.
It is compatible with Windows 7 and later (clients) and Windows 2008 and later (servers).
Please note that RCC currently uses a (non-elevated) PowerShell command to enumerate the system certificate root store.
The announcement of the update: RCC - check your system's trusted root certificate store
RCC 1.69.041 available (long overdue!)

SHA256: 62c0393bd795e1842f8b759e955312ac1271c53e57ff657d284c7af9414dc3ef
 

Gandalf_The_Grey

Level 13
Verified
Used this tool myself and it found interesting certificates:
Number of 'interesting' items: 3

31F9FC8BA3805986B721EA7295C65B3A44534274: Microsoft ECC TS Root Certificate
Time of insertion: 2018-10-07 15:08:51 UTC

2E64F21C2B4D5558E3FB968DA25BCBBA8AF407B7: Kaspersky Anti-Virus Personal Root
Time of insertion: 2018-11-19 14:18:11 UTC

D23209AD23D314232174E40D7F9D62139786633A: Equifax Secure Certificate Author
Time of insertion: 2018-10-15 21:09:29 UTC
1 one is new for Windows 1809 I think
2 one is from my AV
3 one the Equifax Certficate is revoked and no longer valid.

What do you guys think about these results?
 

ticklemefeet

Level 21
Verified
When I try run this new version and get a cmd open for a few seconds and has some red writing and something about signatures out of date.
That while trying to run it in Shadow Defender , which always worked in the past.