SSL certificates autoinstall
Hello all, I have a question for you guys. I wonder how I can prevent SSL certificate autoinstallation. What I've been noticing is that some certificates are being installed without consent or prompting, which I think is the default behavior; they are probably being installed in a silent mode or something. So I really need to implement something to make it prompt, just like in the Kaspersky firewall that intercepts certificates..... I kinda need urgent help, and I know where they come from, as I commented in other topics... Thx in advance.
RR
July 22nd, 2009 2:46am

Curious Kid,

Can you give the issuer of one of those "auto installed" certificates? Then it is easier for us to determine where they are coming from.

By default Microsoft automatically updates some very important root certificates. This could be a reason why the certificates are silently installed. More info on http://support.microsoft.com/kb/931125 (you can turn these off by GPO or you can remove this feature by Add/Remove > Windows Components).

Another way could be that your computer is a member of a domain, and your computer receives some certificates from your domain using auto enrollment.

Can you give me some more feedback on this issue?

Kind Regards
DFT IM me - TWiTTer: @DFTER
July 22nd, 2009 12:26pm

Hi daft, thanks for replying. The issuer I don't remember, because I put it into untrusted certs and deleted it and haven't looked at it yet, but what I can assume is they are Entrust certs (entrust.net) and the other is Equifax, which sounds to me like one of the Netscape ones. So I use IE8 with GPO, which makes it much more secure IMO, and when you talked about autoenrollment I remembered that I set it to "disabled" from GPO, so I guess I did the wrong thing. As my nickname says, I'm not an expert, I'm just someone who researches a lot to get more security, for many reasons, as I mentioned in other topics. But what I can say is that I learned a lot with it and it feels good to know a bit more about security.

OK, let's get back to where I was: how can I turn this feature off from Add and Remove, and is that a smart thing to do? Does it make it less secure or something? I know that Windows Update uses the GTE certificate, because I remember once, the first time I connected to the internet after setting up all the security stuff (GPO etc.), Windows wouldn't update. Then I went back to my GPO settings and found one thing I did that was blocking it from updating the GTE cert; the feature says "turn off automatic windows update certificates", something like that... So that's my case, hope you can help me further. If that autoenrollment policy works as a solution, can you please tell me how? Like which check box I should turn on and off... Thanks in advance and will be looking forward to replies...
July 22nd, 2009 4:54pm

Hi Curious Kid,

I have a little bit of trouble reading your answer (I am not a native English speaker :)).

But if you are talking about root certificates like entrust.net and equifax: these root certificates are members of the "Windows Root Certificate Program" (you can verify this here: http://download.microsoft.com/download/1/4/f/14f7067b-69d3-473a-ba5e-70d04aea5929/windows%20root%20certificate%20program%20members.pdf) and are updated automatically by your OS.

So try to read the following article on TechNet. This excellent article tells how this feature works and also how you can stop your OS from installing these root certificates automatically.

http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx

Did this answer your question?

Kind Regards
DFT IM me - TWiTTer: @DFTER
July 22nd, 2009 5:33pm

Hi Daft, I'm back. Sorry about the bad English, it's not my first language; sometimes certain phrases might make no sense, due to the fact that I write those in a hurry and don't read them back to check if everything is okay, which is a bad thing I have to discipline myself to change. So about the links you posted, I just quick-peeked the second one and will look at those carefully later when I rest a bit, but I can tell ya from now that the second one looks pretty hehehe, and all my questions should be answered on those links!! Really appreciate your big help and I'm going to post if it worked for me later on!!! Thx a lot dude and cya soon!!
Regards
RR
July 22nd, 2009 5:48pm

Back again, and Daft, one thing I can tell you: that was the biggest collaboration I could ever have. Just learned new stuff and it seems to be working so far, and I also implemented certificates extended config and erased weird old ones, so added a new hash thing (I think it's hash algorithm) working with NAP settings, so hope this makes sense LOL... Thx again for your big help and I will definitely look more in depth at certificates :D
Regards,
RR
July 22nd, 2009 11:58pm

Hehe, the pleasure was all mine. :)
Can you do one thing and check my post as answer?
Thx!
DFT IM me - TWiTTer: @DFTER
July 23rd, 2009 1:45am

Oh, just noticed now after you said.... so we have that button at the bottom (lol, lazy reader). But taking advantage of your kindness, I also have a small question for ya.. would you mind? Every once in a while when I connect to Google or another web site, when I type ipconfig /displaydns in the command prompt to see the DNS cache records, it shows things like this:

    231.32.69.208.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 231.32.69.208.in-addr.arpa
    Record Type . . . . . : 12
    Time To Live . . . . : 85633
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record . . . . . : google.navigation.opendns.com

    Record Name . . . . . : 231.32.69.208.in-addr.arpa
    Record Type . . . . . : 12
    Time To Live . . . . : 85633
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record . . . . . : google.navigation.opendns.com

Only sometimes that happens, so I was wondering if that could be a MITM attack or something.... You may also consider that I'm using OpenDNS as DNS servers, because if you read my older posts I talked about attacks over my network, and the attackers have privileged info about my internet data every time I connect. People from my internet provider (admins) are also involved, but that's not the right time to talk about them (corruption kinda thing); in old times some people had a beef with me and some have a lot of money, so it's a long story. So getting back to where I was: I use OpenDNS servers and it works perfectly, as many experts advise using it to prevent many DNS attacks.... So that's the question: could that be a MITM or spoof thingy? Thx in advance.

Okay, answered, and sorry about taking that long to do it... (English is limited and bad, I'm tired lol)
Kind regards
RR
July 23rd, 2009 2:36am

Oh, by the way, the record type looks weird and the time to live doesn't correspond to my DNS cache implementations and GPO.... so I think something is really weird... Will be looking forward.
Cheers (changed my nickname btw, it's Curious Kat now)
RR
July 23rd, 2009 3:41am
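
The following is an added example, not part of any post in this thread: a small parser for the `ipconfig /displaydns` output quoted above that names the numeric record type (12 is the IANA value for PTR) and turns the `in-addr.arpa` name back into the IPv4 address that was looked up. It assumes English-language field labels; the sample text is constructed from the record quoted in the post.

```python
import ipaddress
import re

# Numeric record types as printed by ipconfig (IANA DNS TYPE values).
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
            16: "TXT", 28: "AAAA", 33: "SRV"}

# Constructed sample: the record quoted in the post, one field per line.
SAMPLE = """\
231.32.69.208.in-addr.arpa
----------------------------------------
Record Name . . . . . : 231.32.69.208.in-addr.arpa
Record Type . . . . . : 12
Time To Live . . . . : 85633
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : google.navigation.opendns.com
"""
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ()]*?)[ .]*:\s*(.*?)\s*$")

def reverse_name_to_ip(name):
    """Return the IPv4 address an in-addr.arpa name refers to, or None."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def parse_displaydns(text):
    """Parse displaydns output into a list of dicts, one per 'Record Name'."""
    records, current = [], {}  # fields seen before any name go to a scratch dict
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # section headings, dashes and blank lines carry no field
        key, value = m.group(1).strip(), m.group(2)
        if key == "Record Name":
            current = {"name": value, "queried_ip": reverse_name_to_ip(value)}
            records.append(current)
        elif key == "Record Type":
            current["type"] = RR_TYPES.get(int(value), "TYPE" + value)
        elif key == "Time To Live":
            current["ttl"] = int(value)
        elif key.endswith("Record"):
            current["data"] = value  # e.g. "PTR Record", "A (Host) Record"
    return records
```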

Yeah, I know you might be thinking I'm a paranoid man lol... Never mind, feel free to answer if you want; if you don't, that's OK too. Thx anyways :D
Kind regards,
RR
July 24th, 2009 4:06am

This topic is archived. No further replies will be accepted.
