Some of you may remember SuperFish or eDellRoot. They were unsafe Root Certificates installed on users’ computers without their knowledge. While most anti-malware tools are adept at identifying and removing rogue Certificates, some tools like RCC Root Certificate Scanner focus on removing dangerous Root Certificates from a Windows computer. SysInternals SigCheck from Microsoft is another tool that not only lets you scan and check for dangerous & unsigned certificates, but now also enables you to scan all files in a folder with VirusTotal.
Check for Unsigned Certificates using SigCheck
Sigcheck can show the file version number, timestamp information, and digital signature details, including certificate chains. Additionally, the latest version now lets you upload a file for scanning and check a file’s status on VirusTotal, which uses 40 antivirus engines.
To use SigCheck to scan your Windows computer for dangerous & unsafe Certificates, download it from Microsoft and extract the folder’s contents. Now to run the tool, press Shift+Right-click inside the folder. You will see an Open a command window here entry. Click on it.
The tool offers several parameters that you can use. As an example, in the Command Prompt window, you may type the following command and press Enter:
If you are using a 64-bit system, use sigcheck64, else sigcheck.
When you run this command, the tool downloads a list of Trusted Certificates from Microsoft. It then compares your Certificates with this list and then lists those not present in the Trusted Certificates list.
If you do find any certificates, you may want to investigate further. If you feel they are dangerous, you may want to remove them. This post will show you how to manage Root Certificates. The Certificate Manager or certmgr.msc in Windows lets you see details about your certificates, export, import, modify, delete or request new certificates. You may also check information on the program which has installed it, and if you can do without the program, you could also consider uninstalling that software.
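The comparison described above (local root certificates checked against Microsoft's trusted list) can also be reproduced with tools built into Windows. This is an added example, not part of the original post or of SigCheck; it assumes a Windows machine with internet access, and the file name ms-trusted-roots.sst is a scratch name chosen here.

```powershell
# Added example: list root certificates that are not on Microsoft's trusted root list.
# Assumption: run on Windows with internet access; $sst is a scratch path chosen here.
$sst = Join-Path $env:TEMP 'ms-trusted-roots.sst'

# certutil (built into Windows) downloads the current trusted root list
# from Windows Update and writes it as a serialized certificate store.
certutil.exe -generateSSTFromWU $sst | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $sst)) {
    throw "Could not download the trusted root list (certutil exit code $LASTEXITCODE)."
}

# Load the downloaded store and index it by thumbprint.
$trusted = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$trusted.Import($sst)
$trustedThumbprints = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($cert in $trusted) { [void]$trustedThumbprints.Add($cert.Thumbprint) }

# Check both the machine-wide and the per-user root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$unlisted = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { -not $trustedThumbprints.Contains($_.Thumbprint) } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotBefore, NotAfter
}

if ($unlisted) {
    # The per-user view also shows machine-wide roots, so drop duplicate thumbprints.
    $unlisted | Sort-Object Thumbprint -Unique | Format-List
} else {
    'Every root certificate in both stores is on the Microsoft list.'
}
Remove-Item $sst -ErrorAction SilentlyContinue
```

A certificate in the output is not automatically malicious: roots installed on purpose by an enterprise or a development tool also appear, so look up each subject and thumbprint before removing anything.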
Use SigCheck to scan folder for unsigned files with VirusTotal
To scan all the files in a folder for unsigned files, you could, for example, use the following command:
sigcheck -u -e c:\windows\system32\
To see the entire list of parameters and the functions they perform, and to download SigCheck, visit Microsoft.
Why are Certificates important?
Certificates are issued by software developers and websites that make them authentic. If a certificate cannot be verified, it means someone has forged it, or the software or the website may steal data.