Windows – find the certificate file so I can add a program to “Trusted Publishers” in the certmgr

certificateuacwindows 7

I have three programs that startup automatically with Windows 7.

They are:

  • Webroot SecureAnywhere
  • Soluto Anti-Frustration Software
  • everything.exe

Each of these programs bring up a blue UAC dialog everytime the machine starts.
(okay so everything.exe gives me a yellow one….)

A pair of blue UAC dialogs

In an effort to stop this I've begun reading about UAC. I've read about it:

"Only elevate executable files that are signed and validated –
Enabling this options will prevent any application that is not
digitally signed by a vendor inside the Trusted Publishers list on
your computer to run."

and it says that if I add the associated certificates to the "Trusted Publishers tree node of the certmgr I will be able to stop these blue UAC dialogs from prompting. However…I don't know where to find the certificate files for import.

While I'm pretty sure that everything.exe doesn't have a certificate, the other two programs come from reputable shops; though I can't find certificates on their websites, or any mention of where I can find them.

They're stored as *.cer or *.crt files I really don't know where they are

I'm not completely sure that the "Trusted Publishers tree node" fix is what I want. This problem is on my personal laptop.

Update

This question led me to another question about why the chain of trust is broken

Best Answer

Open the executable's properties and go to the Digital Signatures tab (If there is no Digital Signatures tab (which I bet everything.exe will not), then the program is not signed and you must sign it yourself with a self signed certificate. Search Stack Overflow for instructions on how to do that).

enter image description here

From there click on Details to bring up the Digital Signature Details window.

enter image description here

From that window click View Certificate to bring up the certificate page.

enter image description here

From there click Install Certficate, on the second page, when choosing the certificate store, change from Automatically select... to Place all certificates in the following store. Then browse and choose the Trusted Publishers store.

enter image description here

NOTE: The above steps puts the certificate in the User's Trusted Publisher store. If you need the Machine's trusted publisher store you must export the certifacate by going to the Details tab of the certifacte's window and clicking Copy to File

enter image description here

The default selections is fine for exporting. When you choose a name for your file, make sure you put the file extension on, it does not put it there by default.

Once you have the .cer file you can open MMC from the run diaglog add the Certficates snap-in and set it to the Computer account store.

enter image description here

That should open a snap in module called Certificates (local computer). From that screen right click on Trusted Publishers, go to All Tasks, then click Import.

enter image description here

From the new window that opens you can select the .cer file you exported from the earlier instructions and it should add it to the machine store.

All screen shots where taken from a Windows-7 Enterprise edition, but it should be the same for all other editions.

Related Question