Author Topic: Why is Avast modifying my SystemCertificates and RootCA's?  (Read 1627 times)

0 Members and 1 Guest are viewing this topic.

Offline ARandomUser

  • Newbie
  • *
  • Posts: 2
Why is Avast modifying my SystemCertificates and RootCA's?
« on: April 08, 2014, 01:03:14 AM »
I am getting a pop-up from my firewall (Comodo) stating that:
-----------------------------------------
avastui.exe is trying to modify a protected registry key

avastui.exe could not be recognized and is about to modify the protected registry key HKLM\SOFTWARE\Microsoft(also Wow6432Node\Policies\ and a few others)\SystemCertificates\Root (AuthRoot,SmartCardRoot\CRLs etc etc.). You must make sure avastui.exe is a safe application before allowing this request.
-----------------------------------------

For what purpose would avastui.exe need to modify all of these system certificates? My firewall is giving me around 20 pop-ups in a row about these registry changes, then a gap of a few minutes, then another 20 changes. Did some major CA recently get all of their certs revoked or something? Wouldn't a change like this usually come straight from Microsoft in an update?

For informational purposes I'm running Win 7 with all the latest updates, Avast Free latest version. I had to put my firewall in a less secure setting in order to get the pop-ups to stop. Any thoughts?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Why is Avast modifying my SystemCertificates and RootCA's?
« Reply #1 on: April 08, 2014, 01:36:09 AM »
Avast is using trusted certificates and wants to tell windows which ones.
If Comodo doesn't recognize avastui.exe as a trusted source, Comodo has a problem that they should fix.
Ofcourse it also depends on your settings if you get that message or not.

Offline ARandomUser

  • Newbie
  • *
  • Posts: 2
Re: Why is Avast modifying my SystemCertificates and RootCA's?
« Reply #2 on: April 08, 2014, 03:00:23 AM »
Thank you for your reply. I just wanted to make sure it wasn't something malicious, and it doesn't sound like it is.

I will adjust my firewall settings accordingly. Cheers!