As resolutions are found for well-known viruses and malware, those in the malware industry keep finding new ways to push viruses into our systems. One such case is the use of fake Root Certificates, which are crafted to look genuine. Such fake Root Certificates can sometimes result in the leak of crucial information such as credit card details, social security numbers, etc. This makes verifying and eliminating them essential.
We have already seen how the Microsoft Sysinternals Sigcheck tool helps us check for dangerous certificates. The command-line tool is great but lacks a user interface. SigcheckGUI is freeware that provides a GUI for it and makes Sigcheck much easier to use.
Most new anti-virus software products depend on identifying signatures, verifying them, and allowing the processes they approve. But there are various free software products that check for suspicious root certificates as well. Let us take a look at Sigcheck in brief and then discuss SigcheckGUI.
Windows Sysinternals Sigcheck is a command-line utility that shows timestamp information, file version number, and digital signature details of all files in a folder and is quite helpful. However, the original program is difficult to use as it lacks a user interface.
SigcheckGUI for Windows
SigcheckGUI is a graphical user interface for sigcheck.exe. The GUI allows users to scan all running processes at the click of an icon, or to select certain files or folders and scan them individually.
Scan for unsigned certificates
Before scanning, users might want to check everything the GUI has to offer. It provides options for VirusTotal scanning of all the selected files, creating a list of trusted files, computing file hashes, and managing allowed extensions.
To scan the files, click on the green mesh-like icon in the toolbar. The results show the filename, status of the verification, the date of the signature, product details, copyright information, the entropy of the process, running status, VirusTotal status, and VirusTotal running URL.
Press F4, and it will display all the same information in a large information box. The options on the view menu help categorize according to signed, unsigned, verified, etc.
The data can be exported to a .csv file or a simple text file. It can also be copied as a table to the clipboard and pasted elsewhere.
Moreover, the GUI has options to search for the file name on three search engines – Duckduckgo, Bing, and Google.
If you use sigcheck.exe to scan for dangerous certificates often, SigcheckGUI will make the job easier for you. The freeware can be downloaded from here.
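Once a scan has been exported to .csv as described above, the results can be triaged outside the GUI. The following is an added example, not part of SigcheckGUI or Sigcheck: it ranks exported rows by how many warning signs they show (not signed, high entropy, VirusTotal detections or no VirusTotal result). The column names, the VirusTotal value format and the entropy threshold are assumptions modeled on the fields listed above, and the sample rows are constructed; adjust them to the header of your own export.

```python
import csv
import io

# Constructed sample export. Column names are assumptions modeled on the
# fields the article lists; match them to the header row of a real export.
SAMPLE_CSV = """Path,Verified,Date,Publisher,Entropy,VT detection
C:\\Windows\\System32\\notepad.exe,Signed,2023-05-04,Microsoft Windows,6.1,0/72
C:\\Users\\demo\\AppData\\Local\\Temp\\upd.exe,Unsigned,2024-01-12,,7.8,
C:\\Tools\\helper.dll,Unsigned,2022-11-30,,5.2,0/70
C:\\Tools\\agent.exe,Signed,2021-03-09,Example Corp (constructed),6.4,3/71
"""

ENTROPY_THRESHOLD = 7.2  # assumed cut-off; packed or encrypted files approach 8.0

def vt_hits(value):
    """Return the detection count from 'hits/total' (or 'hits|total'), None if absent."""
    value = (value or "").strip().replace("|", "/")
    if not value:
        return None
    try:
        return int(value.split("/")[0])
    except ValueError:
        return None

def triage(csv_text, entropy_threshold=ENTROPY_THRESHOLD):
    """Return [(path, [reasons])] for rows needing review, most reasons first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        verified = (row.get("Verified") or "").strip()
        if verified.lower() != "signed":
            reasons.append("not signed: " + (verified or "no status"))
        try:
            if float(row.get("Entropy") or "") >= entropy_threshold:
                reasons.append("high entropy " + row["Entropy"])
        except (TypeError, ValueError):
            pass  # entropy column missing or not numeric
        hits = vt_hits(row.get("VT detection"))
        if hits is None:
            reasons.append("no VirusTotal result")
        elif hits > 0:
            reasons.append(f"{hits} VirusTotal detections")
        if reasons:
            findings.append((row["Path"], reasons))
    findings.sort(key=lambda f: len(f[1]), reverse=True)  # stable: ties keep file order
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_CSV):
        print(path, "->", "; ".join(reasons))
```

A signed file with VirusTotal detections still appears in the output, since a valid signature only shows who signed the file, not that it is benign.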
Is the SigCheck program itself digitally signed?
Yes, the SigCheck program itself is digitally signed, and there is no need to worry about the signature of this program. However, you must know that it is a command-line utility, which does various things, as said earlier. For your information, you can check the file version number, digital signature details, and many more with the help of this utility.
Can SigCheck check for certificate revocation?
Yes, SigCheck can check for certificate revocation. Whether you want to check the certificate chain or find the revocation information, you can do both with this tool. SigcheckGUI gives you a graphical interface for it, whereas the original tool is a command-line utility.
TIP: You can also check for unsigned or untrusted Windows Root Certificates using Root Certificates Scanner.