Rogue root Certification!

Did you ever check your system for Rogue root Certification?

  • Yes: 7 votes (41.2%)
  • No: 8 votes (47.1%)
  • Yes right now: 2 votes (11.8%)
  • Total voters: 17
  • Poll closed.

Sunshine-boy

Apr 1, 2017
Hello friends, I was surfing the web and I found an interesting subject.

Dangerous root certificates are a serious problem. From Lenovo’s Superfish to Dell’s eDellRoot and a number of other certificates installed by adware programs, your computer’s manufacturer or a program you installed may have added a certificate that opens you to attack. Here’s how to check if your certificates are clean.
Read more here:

How to Check for Dangerous, Superfish-Like Certificates on Your Windows PC

How to check your system?

To get started, download Sigcheck from Microsoft. Open the downloaded .zip file and extract the sigcheck.exe file. For example, you could just drag and drop the file to your desktop.


Navigate to the folder containing the sigcheck.exe file you just extracted. For example, if you put it on your desktop, open the Desktop folder in File Explorer (or Windows Explorer, if you’re on Windows 7). Press and hold the Shift key on your keyboard, right-click in the File Explorer window, and select “Open command window here”.


Type the following command at the command prompt and press Enter:

sigcheck -tv

Sigcheck will download a list of trusted certificates from Microsoft and compare it to the certificates installed on your computer. If there are any certificates on your computer that aren’t on the “Microsoft Certificate Trust List”, you’ll see them listed here. If everything is good and you don’t have any rogue certificates, you’ll see the “No certificates found” message.

I did my test and I got this :p
I don't know why Adguard isn't in the Microsoft trusted list :(


Pls share the results :p :p

Added: another tool
RCC Download
This one is better
Scan your Windows computer for untrusted root certificates - gHacks Tech News

Attachment: rouge certificat...JPG

Sunshine-boy

Apr 1, 2017
Hello, and thanks for the share. This means the ESET SSL filter isn't in the Microsoft trusted list, but it doesn't mean it's bad. I just want to know why Microsoft didn't trust it! Same for Adguard!

tanto259

Jul 29, 2017
I also have the Adguard Personal CA root. As far as I know, Adguard, ESET, and any other SSL filtering app couldn't request inclusion in the Microsoft Trusted Root Certificate Program, since they don't actually issue public SSL certificates. The issuance is limited to your computer only. Plus, by issuing certificates for all domains, including those they are not authorized for, they wouldn't pass auditing. Additionally, they also violate multiple regulations of the CA/B Forum, such as issuing a certificate directly from the root without any intermediate certificate.

It's all about trust in this business. You trust Adguard or ESET to filter the bad guys out from your connection, even if they need to MiTM your SSL connection.

  • ESET SSL Filter CA
    • Serial: 7E 42 D5 38 AD 01 AD 96 45 BA 83 86 F9 9E 3F 84
  • Adguard Personal CA
    • Serial: 00 CC A6 CC FF 93 47 7A 16 6F A7 66 D9 F3 4E A7 82
  • Universal ADB
    • Serial: 2F 42 BC 11 BE 8B 16 66

If you compare the serial number of my ESET CA with Syafiq's above, the serial number is different, proving that the root certificate is generated per device.
 
Last edited:
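
Added example, not part of the original thread: once `sigcheck -tv` flags an entry, this PowerShell lists the trusted-root stores with serial number and thumbprint, and compares two machines' inventories, which is the check tanto259 describes doing by eye with serial numbers. The function names and the two sample records are constructed for illustration.

```powershell
# Added example (not from the thread). Function names are hypothetical.

# List trusted-root entries from both store locations with the fields needed
# to identify a certificate that `sigcheck -tv` flagged.
function Get-RootCertInventory {
    param([string]$SubjectLike = '*')   # wildcard on the subject, e.g. '*ESET*'
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like $SubjectLike } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    SerialNumber  = $_.SerialNumber   # hex string without spaces
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey  # private key linked to this entry
                }
            }
    }
}

# Pair up same-named roots from two inventories and report whether they are
# the same certificate (equal thumbprint) or only share a name.
function Compare-RootCertInventory {
    param([object[]]$Mine, [object[]]$Theirs)
    foreach ($m in $Mine) {
        foreach ($t in ($Theirs | Where-Object { $_.Subject -eq $m.Subject })) {
            $same   = $t.Thumbprint -eq $m.Thumbprint
            $result = if ($same) { 'same certificate on both machines' } else { 'same name, different certificate' }
            [pscustomobject]@{ Subject = $m.Subject; Result = $result }
        }
    }
}

# Real use, on each machine:
#   Get-RootCertInventory | Export-Csv -Path .\roots.csv -NoTypeInformation
# then feed both files through Import-Csv into Compare-RootCertInventory.

# Constructed records standing in for two machines' exports (placeholder values).
$mine  = [pscustomobject]@{ Subject = 'CN=Example Filter CA'; Thumbprint = 'AAAA-PLACEHOLDER' }
$other = [pscustomobject]@{ Subject = 'CN=Example Filter CA'; Thumbprint = 'BBBB-PLACEHOLDER' }
Compare-RootCertInventory -Mine $mine -Theirs $other
```

A differing thumbprint under the same subject is what a per-device generated root looks like; an identical thumbprint on unrelated machines means the same root certificate was installed on both.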

Hadden

Oct 18, 2015
Yes, I used RCC once to see if issues with my ID card reader were due to certificates.
Nothing dangerous. ADB was listed, but I know it's not rogue :p
I also put sigcheck in my security apps folder ;)

Devilish

May 20, 2017
Here is my result of the rogue root certification test.
Apparently Microsoft didn't have Kaspersky in their trusted list.
8hTsi8z.png
