CIS Rating Scan Certificate Checking


Which certificate stores does CIS scan to check certificates?

I ask because it seems that I have more certificates installed on my computer (shown via the Windows Management Console) than CIS is scanning with a Trusted Ratings scan.

Any clarification as to what is going on here would be great!

Kind regards,


Trusted root CA store. Trusted Certificate Authorities Changes Logs, Trusted SSL Certificate | Comodo Internet Security

Thanks futuretech.

So my Trusted Root Certs show having a total of 66 but CIS is showing a total of 64.

Check for “My user account” instead of local computer when you add the certificates snap-in. Also check the amount under the 3rd party root CA store.

Thanks futuretech.

So under both Current User and Local Computer:

Trusted Root Certification Authorities - 66
Third-Party Root Certification Authorities - 51

You most likely have excluded some certificates, check your excluded certificates authorities.


I checked that but it’s empty.

Seems there are 2 duplicate certificates (same thumbprint) in my root store.