SecureAPlus Forum

Beta Program => Suggestions => Topic started by: Adam Bottjen on December 20, 2018, 04:21:17 AM

Title: Monitor the Windows Certificate Store and alert on attempted certificate install
Post by: Adam Bottjen on December 20, 2018, 04:21:17 AM
I was listening to Security Now last week and Steve Gibson was talking about how Windows should be monitoring the certificate store and alerting a user if an application wants to install a new certificate. I was thinking that might be a great feature for SecureAPlus if it's possible.
Title: Re: Monitor the Windows Certificate Store and alert on attempted certificate install
Post by: hendy on December 20, 2018, 09:01:02 AM
SecureAPlus has a different certificate list. The default setting for SecureAPlus is to trust the certificates that are in its trusted certificate list, which is a different list from the Microsoft Certificate store. (https://support.secureaplus.com/wp-content/uploads/2015/05/Getting-to-Application-Whitelisting-Advanced-Settings-1-1.jpg)

(https://support.secureaplus.com/wp-content/uploads/2015/05/Trusted-Certificate-Tab-3.jpg)
Therefore, even if a program is signed using a certificate that is trusted by the Microsoft Certificate store, if the certificate is not in the SecureAPlus trusted certificate list, SecureAPlus will block it from running.

To tighten the security measures, we can even turn off the "Trust based on Digital Signature" setting. This means that the program will be trusted by the hash only. In this setting, regardless of whether the program is signed, it will not be trusted until it is approved to run.
Title: Re: Monitor the Windows Certificate Store and alert on attempted certificate install
Post by: warwagon on December 23, 2018, 05:59:22 AM
Yes, which is why I recommended it as a feature they should add.
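
The monitoring suggested at the top of this thread can be approximated on a single machine with a baseline comparison. The script below is an added example, not part of the original posts and not SecureAPlus code; the baseline file location and the choice of stores are assumptions.

```powershell
# Added example: snapshot the Windows root stores and report changes against a baseline.
# Not SecureAPlus code. The baseline path and the store list are assumptions.
param(
    [string]$BaselinePath = "$env:ProgramData\CertBaseline\roots.json",
    [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
)

function Get-StoreSnapshot {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        Get-ChildItem -Path $p | ForEach-Object {
            [pscustomobject]@{
                # Key on store + thumbprint so a known certificate that
                # appears in a second store is still reported as new there.
                Key        = "$p|$($_.Thumbprint)"
                Store      = $p
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter.ToString('o')
            }
        }
    }
}

$current = @(Get-StoreSnapshot -Paths $Stores)

# First run: record the current state and stop.
if (-not (Test-Path -Path $BaselinePath)) {
    New-Item -ItemType Directory -Path (Split-Path -Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline created: $($current.Count) certificates."
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$known = @{}; foreach ($c in $baseline) { $known[$c.Key] = $c }
$seen  = @{}; foreach ($c in $current)  { $seen[$c.Key]  = $c }

foreach ($c in $current) {
    if (-not $known.ContainsKey($c.Key)) {
        Write-Warning "NEW root certificate in $($c.Store): $($c.Subject) [$($c.Thumbprint)]"
    }
}
foreach ($c in $baseline) {
    if (-not $seen.ContainsKey($c.Key)) {
        Write-Warning "REMOVED root certificate from $($c.Store): $($c.Subject) [$($c.Thumbprint)]"
    }
}
```

Run it on a schedule and keep the baseline file somewhere standard users cannot write, otherwise whatever adds a certificate can also update the baseline. Delete the baseline to re-create it once reported changes have been reviewed.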