About the Untrusted certificates sometimes found in scans

Comodo I.S./FW/AV will often find untrusted certificates during rating scans as well as any other scans that examine the certificates. Seeing as how this is the heart of the whitelisting mechanism, this can present a huge problem.

Any certificates or certification authorities unworthy of the whitelist should be removed from the installation or, at the very least, labeled as “unrecognized” from then on during every database update. And while we’re at it, we should whitelist based on more than just a certificate; we should add an SHA256 hash as part of the requirements before something is allowed to run.

This would help prevent signed malware from being allowed to run unmitigated, especially if you start identifying by SHA256 hashes too.

Untrusted certificates are ones that Comodo has not whitelisted. They are therefore not in the database. Any Trusted certificate that becomes untrusted in the future will have the trust revoked and be removed from the database to become untrusted.

Also, files are already whitelisted based on their SHA1 hash.

If you do not want to rely on certificates and just rely on the file hash you can disable using certificates for file rating in ‘File Rating Settings’.

Note, this will require files not yet analysed to be submitted for analysis. You can submit applications for review here: Comodo Forum

Just to note, trusted root certificate authorities found in the Windows trusted root certificate store and the trusted vendors list are not related to each other in any way. See both help pages regarding root certificates for more info.
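
A simplified model of the rating rules discussed in the posts above, added here as an illustration; it is not Comodo's code and not part of any post. The policy names, vendor names and file contents are constructed, "certificate or hash" as the default is an assumption, and it uses SHA-256 (the hash proposed in the first post) rather than SHA1.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ScannedFile:
    name: str
    content: bytes
    signer: Optional[str]  # vendor from a valid signature; None if unsigned

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def rate(f, trusted_hashes, trusted_vendors, policy="cert_or_hash"):
    """Rate one file as 'trusted' or 'unrecognized' under a given policy."""
    hash_ok = sha256_hex(f.content) in trusted_hashes
    vendor_ok = f.signer is not None and f.signer in trusted_vendors
    if policy == "cert_or_hash":     # assumed default: either match is enough
        ok = hash_ok or vendor_ok
    elif policy == "hash_only":      # certificates disabled for file rating
        ok = hash_ok
    elif policy == "cert_and_hash":  # first post's proposal: require both
        ok = hash_ok and vendor_ok
    else:
        raise ValueError(f"unknown policy: {policy}")
    return "trusted" if ok else "unrecognized"

def rate_all(files, trusted_hashes, trusted_vendors, policy):
    return {f.name: rate(f, trusted_hashes, trusted_vendors, policy) for f in files}

def revoke_vendor(trusted_vendors, vendor):
    """Database update that removes a vendor whose trust was revoked."""
    return trusted_vendors - {vendor}

# Constructed sample data: one analysed file, two signed but not yet analysed.
FILES = [
    ScannedFile("setup-1.0.exe", b"constructed: analysed installer", "Example Vendor A"),
    ScannedFile("setup-1.1.exe", b"constructed: new build", "Example Vendor A"),
    ScannedFile("tool.exe", b"constructed: signed, never analysed", "Example Vendor B"),
]
TRUSTED_HASHES = {sha256_hex(FILES[0].content)}
TRUSTED_VENDORS = {"Example Vendor A", "Example Vendor B"}

if __name__ == "__main__":
    for policy in ("cert_or_hash", "hash_only", "cert_and_hash"):
        print(policy, rate_all(FILES, TRUSTED_HASHES, TRUSTED_VENDORS, policy))
    reduced = revoke_vendor(TRUSTED_VENDORS, "Example Vendor B")
    print("after revocation", rate_all(FILES, TRUSTED_HASHES, reduced, "cert_or_hash"))
```

In this model, dropping certificate-based rating leaves every signed but unanalysed file unrecognized until its hash is added, which is the submission overhead the reply mentions.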

So, is there any harm in one of those untrusted certification authorities being on the system?

I read both of those pages a few times and from what I can tell, the thing I was concerned with at the top of this thread isn’t really an issue as long as CIS/CFW will auto-delete the certificates