Author Topic: Monitor the Windows Certificate Store and alert on attempted certificate install  (Read 38731 times)

Offline Adam Bottjen

  • Newbie
  • *
  • Posts: 11
  • Kudos +0/-0
I was listening to security now last week and Steve Gibson was talking about how Windows should be monitoring the certificate store and alert a user if an application wants to install a new certificate. I was thinking that might be a great feature for secureaplus if it's possible.

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
SecureAPlus has a different certificate list. The default setting for SecureAPlus is to trust the certificates that are in its trusted certificate list, which is different list from Microsoft Certificate store.


Therefore, even though a program is signed using a certificate that is trusted by Microsoft Certificate store, but if the certificate is not in the SecureAPlus trusted certificate list, SecureAPlus will block it from running.

To tighten the security measures, we can even turn off the "Trust based on Digital Signature". This means that the program will be trusted by the hash only. In this setting, regardless whether the program is signed, it will not be trusted, until it is approved to run.

Offline warwagon

  • Newbie
  • *
  • Posts: 8
  • Kudos +0/-0
Yes, which is why I recommended it as a feature they should add.