itman 1,758 Posted September 26, 2020 Share Posted September 26, 2020 If I add this registry setting: Quote [HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots "Flags"=dword:00000001 It will of course block Eset from updating its cert. in the Win root CA store. Will this in turn bork the Eset updating processing? Assumed is I will have to manually add the new Eset cert. to the Win root CA store. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,298 Posted September 26, 2020 Administrators Share Posted September 26, 2020 I assume it could affect adding the root certificate to the system trusted root CA certificate store so SSL filtering might not work. However, module and program updates should work fine I assume. Link to comment Share on other sites More sharing options...
itman 1,758 Posted September 26, 2020 Author Share Posted September 26, 2020 33 minutes ago, Marcos said: I assume it could affect adding the root certificate to the system trusted root CA certificate store so SSL filtering might not work. However, module and program updates should work fine I assume. Actually, the question was any impact on the update processing itself? Assuming successful updating processing, I would manually add whatever root cert. Eset shows in SSL/TLS section to Win root CA store manually after deleting any existing cert. there. Of course to do so, I would have to temporarily disable this registry setting. Link to comment Share on other sites More sharing options...
itman 1,758 Posted September 26, 2020 Author Share Posted September 26, 2020 Scratch this inquiry. All this reg key setting does is prevent non-Admin users from creating certs. in HKCU root cert. area. As such, it would have no impact on Eset's creation of a cert. in HKLM root cert. area. Link to comment Share on other sites More sharing options...
Recommended Posts