EMET 4 popup about login.live.com

EMET 4.0 Beta detects that the SSL certificate for login.live.com is not trusted by the rule "MSTrustedCA" associated with the domain "login.live.com."

Is there legitimately a problem with login.live.com?!  It seems to me that an authentication point for Microsoft services should not be having this kind of trouble.  Or if it is that it should be publicized.

August 16th, 2013 11:24pm
I have experienced the same issue.  Something wrong with Microsoft website certs?
Free Windows Admin Tool Kit Click here and download it now
August 21st, 2013 1:55am

EMET detected that the SSL certificate for

EMET detected that the SSL certificate for "login.live.com" is not trusted by the rule "MSTrustedCA" associated with the domain "login.live.com"

August 27th, 2013 5:42pm
Same problem here with www.facebook.com, FacebookCA and *.facebook.com.
Free Windows Admin Tool Kit Click here and download it now
December 30th, 2013 2:12pm

I notice that my Facebook Pinning Rule in Trusts expired today (30-Dec-2013)... perhaps you're getting the message for the same reason I am.

Scott

Seattle, WA, USA

  • Proposed as answer by n_d Tuesday, December 31, 2013 2:26 PM
December 31st, 2013 3:52am

So I just extend the rule? Or do I need to check the certificate or CA?

There are 17 certificates pinned for Facebook.

If I have to manually check the thumbprint / expiry (there is no drill down) that is not very ple

Free Windows Admin Tool Kit Click here and download it now
December 31st, 2013 5:16pm

Yes, that was exactly the reason. Thanks, Scott! For now I extended the date to 3/1/14. Currently I'm not sure: Will Microsoft update Emet rules with Windows Update for the future, or do I have to update them manually from time to time?

December 31st, 2013 5:26pm

I don't have any idea when or how the EMET team updates this list. I hope there's an update (Windows Update?) soon. I'm not an EMET expert, but based on what I do know I'm a big fan of it, and it seems strange that the EMET team would allow this to happen with no explanation and no good help available.

So... EMET Team... hook us up with some wisdom, please. :-)

Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2014 4:25am

First: Please update your Beta to the latest version which is 4.1 now.

With Pinning rules that employ PublicKey Match this problem can still occur on the first time visit because the Windows Trusted Root Store has to be loaded with the Certificates before the rule works. You can avoid this by preloading machines with the CA certificates being used in such rules.

January 7th, 2014 2:02pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics