Identifying program attempting to install certificate on Windows

I had the same experience. I downloaded and installed a Flash grabber program from Softonic and realized almost immediately from the sluggish behavior of my machine that I had picked up rogue software along with the program. I immediately uninstalled the program and rebooted, but then I started getting the relentless CE_UmbrellaCert warning pop-up window. As you mention, it makes the machine unusable. I rolled back as you did which got rid of the warning window, but I was still suspicious about what had been causing the relentless certificate warning pop-up even though the offending program had been uninstalled.

I installed Malwarebytes Free (made sure I updated it with its latest definitions) and did a full system scan. It found 3 PUP (Probably Unwanted Program) items that I didn't have before.

Registry Keys Detected: 1 HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> No action taken

Folders Detected: 1 C:\Documents and Settings\Margaret\Application Data\ContentExplorer (PUP.Optional.ContentExplorer.A) -> No action taken.

Files Detected: 1 C:\Documents and Settings\Margaret\Application Data\ContentExplorer\RootCert.cer (PUP.Optional.ContentExplorer.A) -> No action taken.

I checked the little boxes to get rid of the items, but first I had a look at the "RootCert.cer" file. It was a "DO_NOT_TRUST_FiddlerRoot" certificate.

I wish I could help you directly identify which program was causing your CE_UmbrellaCert warning, but I suspect that you must have intentionally or unintentionally installed something or upgraded something just prior to your getting the warning pop-ups that altered your system. That would be the culprit program, add-on or update that you're trying to identify.

Have you tried running a full system scan with the latest updated version of Malwarebytes? It would be interesting to see if you find a registry item and/or a RootCert.cer file on your system as I did.
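
A manual version of the check described in the answer above, as an added example that is not part of the original post: it audits both Windows trusted-root stores for the two certificate names mentioned on this page and lists certificate files dropped under the user's application-data folders, newest first, so the containing folder and write time can be matched against recently installed software. The function names and the `$SuspectNames` list are assumptions made for this example.

```powershell
# Certificate names taken from this page; extend the list for other cases.
$SuspectNames = @('CE_UmbrellaCert', 'DO_NOT_TRUST_FiddlerRoot')

function Test-SuspectName {
    param([string]$Text)
    foreach ($name in $SuspectNames) {
        if ($Text -like "*$name*") { return $true }
    }
    return $false
}

# 1. Trusted root stores, per-user and machine-wide.
function Get-SuspectRootCert {
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        Get-ChildItem -Path $store |
            Where-Object { Test-SuspectName $_.Subject } |
            Select-Object @{n = 'Store'; e = { $store }}, Subject, Thumbprint, NotBefore
    }
}

# 2. Certificate files sitting in application-data folders (the answer found
#    RootCert.cer there). The parent folder name points at the software that dropped it.
function Get-DroppedCertFile {
    param([string[]]$Root = @($env:APPDATA, $env:LOCALAPPDATA))
    foreach ($dir in ($Root | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $dir -Recurse -Include *.cer, *.crt -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                try {
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
                    [pscustomobject]@{
                        Path       = $file.FullName
                        Subject    = $cert.Subject
                        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # root CAs are self-signed
                        Suspect    = (Test-SuspectName $cert.Subject)
                        Written    = $file.LastWriteTime
                    }
                } catch {
                    # File has a certificate extension but does not parse as one; skip it.
                }
            }
    }
}

Get-SuspectRootCert | Format-List
Get-DroppedCertFile | Sort-Object Written -Descending | Format-Table -AutoSize
```

Any row from `Get-SuspectRootCert` means the root is already trusted and should be removed from that store after the software that added it is uninstalled.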

Author by

Samin yeasir

Updated on September 18, 2022

Comments

  • Samin yeasir
    Samin yeasir over 1 year

    I'm trying to help a friend using Windows (which I'm not an expert on by any means) who's experiencing malware-like behavior: a dialog box is repeatedly popping up reading:

    You are about to install a certificate from a certification authority (CA) claiming to represent:

    CE_UmbrellaCert

    Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "yes" you acknowledge this risk.

    AV and anti-malware scanners don't detect anything. My friend hasn't accepted installing the certificate, but whatever program is trying to install it keeps retrying, making the system unusable (constant interruptions). Is there any way to track down which program is making the attempt to install it so this program can be uninstalled/deleted?

    • and31415
      and31415 almost 10 years
      Do you get the same issue if you start Windows in safe mode or perform a clean boot?
    • Samin yeasir
      Samin yeasir almost 10 years
      Starting in safe mode and running a system restore made the problem go away, hopefully for good. But that didn't really answer the question. I'd still like to know, in general, if there's a way when system-level warning/confirmation dialogs like this appear, to determine the identity of the program that's causing them.
    • and31415
      and31415 almost 10 years
      Searching "CE_UmbrellaCert" on the net returned very few results, and not much information at all. Should the problem reappear, consider using Process Monitor for further insight.
    • moonpoint
      moonpoint almost 9 years
      It's fortunate your friend didn't allow the software to install a root certificate. I didn't discover a program that I installed on my wife's system at her behest had carried with it adware that installed a root certificate that allowed the adware to monitor all HTTPS as well as HTTP traffic on the system until afterwards when I observed anomalous behavior on the system. I hadn't even received a warning about the installation of a root certificate by the GenuisBox adware.
  • Samin yeasir
    Samin yeasir almost 10 years
    It's not my computer and I don't have access (much less local access) to it, but I'll pass along your comments and see if anything turns up.
  • moonpoint
    moonpoint almost 9 years
    @Marc Antony, I also found a "DO_NOT_TRUST_FiddlerRoot" certificate on my wife's system after installing software for her, seeing strange behavior in a browser on her system and then discovering that root certificate. Fiddler is proxy server software that is useful for debugging web traffic problems, but in that case I found the certificate was being used by adware to set itself up as a MITM spy on the system.