Malware will often try to block security software from running, and one of the ways it does this is by adding their code signing certificate to Windows’ “Untrusted” list.
If you try to run a program with an untrusted certificate, Windows displays a message like “this program has been blocked for your protection”, or “an administrator has blocked you from running this program”. (These messages can also appear for other reasons.)
AdwCleaner and Malwarebytes developer Jerome Boursier has released AVCertClean, a basic but effective tool to scan the Untrusted Certificate list, and remove any items which belong to trusted antivirus providers.
The program doesn’t require installation. Launch it, and almost immediately a report appears in your default text file viewer. This will either tell you no certificates were found, or it’ll confirm that one or more legitimate providers were discovered and have been deleted. If you’re in the second group, close the report, reboot and you may be able to install your security software.
This worked for us, but if you’re uncomfortable allowing third-party programs to make low-level system changes without asking, it’s possible to do much the same thing entirely on your own.
First, launch certmgr.msc, the Windows Certificate Manager.
Browse to Untrusted Certificates in the tree and check any of its subfolders.
Look for certificates with names relating to the security software you can’t run, and maybe other legitimate software. Delete anything you’re entirely sure doesn’t belong there, reboot and try your security software again.
Beware: the developer recommends you “do not use this software blindly if you are unsure you need it.” The worst that’s likely to happen is you’ll get an empty report telling you no certificates were found, but as with any low-level system tweaker, there’s always a chance of problems.
AVCertClean is available for Windows 7 and later.
Your Comments & Opinion