There are many dangerous root certificates which have found their way to the PC over the time and it has the potential to cause some serious problems. Computer manufacturers and suspicious adware programs tends to install a number of root certificates like Lenovo’s Superfish, Dell’s eDellRoot and others on the PC which makes PC vulnerable to attacks. It is necessary to check these root certificates in order to ensure the safety and security of the computer devices.

Microsoft has recently launched a tool which can help in quickly scanning the system and finding the dangerous root certificates which are not trusted by Microsoft. Here is a quick guide which will help in checking the root certificates within a few minutes.

How to check

Microsoft offers the Sigcheck tool for this purpose. Users are required to download Sigcheck from Microsoft. Now open the .zip file and extract the sigcheck.exe file from it.

Now carefully navigate to the folder where you had extracted the sigcheck.exe file. Now press and hold the shift key and give a right click in the File Explorer window and select the ‘Open command window here’ option.

A common prompt will appear on the screen wherein you are required to type in this command and press enter.

sigcheck –tv

Now sigcheck will start download a list of trusted certificates from Microsoft and it will cross the certificates installed on your PC. If will show the list of un-trusted certificates installed after verifying with the Microsoft’s list. If everything happens to good then it will pop up a ‘No certificates found’ message.

How to deal with Bad Certificate

If the sigcheck application shows any bad certificate then perform a web search to understand how it reached your computer system. It is advisable not perform any manual removal of the bad certificates. If any bad certificate was installed by a program featuring on your PC then it will reinstall the bad certificate when you run even after you remove it. The best course of action will be to remove the program which is installing bad certificate on your PC.

Follow these steps to manually remove the bad certificates from your PC by using Windows’s certificate management console. Go to the Start Menu or Start screen and perform a search for the ‘certificates’. Now give a click on the ‘Manage computer certificates’ link. Another way is to launch the Run dialog by pressing Windows key+ R, type in ‘certmgr.msc’ and press Enter.

You can find the root certificates under Trusted Root Certification Authorities\Certificates in the window. Now carefully locate the bad certificate which you need to remove from the list of certificates, give a right click on it and select ‘Delete’ option.

It is advisable to use caution while removing the certificates as removing legit certificates by mistake will only end up aggravating your problems. Microsoft has enhanced its capability in handling and cracking down the software which makes PC vulnerable to threats. You can even use the Windows Defender to find and remove bad certificates automatically from the PC.