RECOMMENDED: Click here to fix Windows errors and optimize system performance
Some of you may remember SuperFish or eDellRoot. These were insecure root certificates installed on users’ computers without their knowledge. While most anti-malware tools are capable of identifying and removing malicious certificates, there are tools like RCC Root Certificate Scanner that focus on removing dangerous root certificates from a Windows computer. SysInternals SigCheck from Microsoft is another tool that does not scan dangerous and unsigned certificates, but now even scans all files in a folder with VirusTotal.
Check unsigned certificates with SigCheck
Sigcheck can display file version number, timestamp information and digital signature details, including certificate strings. You can also use the latest version to download a file to scan and check the status of a file for VirusTotal, which uses 40 antivirus engines.
To scan your Windows computer for unsafe and insecure certificates using SigCheck, download it from Microsoft and extract the contents of the folder. To run the tool, press Shift+Right Click inside the folder. You will see one Open a command window. Click on it.
The tool offers several parameters that you can use. For example, in the Command Prompt window, you can type the following command and press Enter:
If you are using a 64-bit system, use sigcheck64, otherwise sigcheck.
When you execute this command, the tool downloads a list of Microsoft trusted certificates. It then compares your certificates with this list and lists those that are not included in the trusted certificate list.
If you find certificates, you should examine them more thoroughly. If you think they are dangerous, you may want to remove them. This article shows you how to manage root certificates. With Certificate Manager or certmgr.msc under Windows, you can view, export, import, modify, delete or request new certificate details. You can also check the details of the program that installed it, and if you can do without the program, you can also consider uninstalling this software.
Use SigCheck to scan the folder for unsigned files using VirusTotal
For example, to find unsigned files in all files in a folder, you can use the following command:
sigcheck -u -u -e c:windowssystem32
To view and download the complete list of parameters and functions they perform, visit Microsoft.