How to update root certificates for Kaspersky Embedded Systems Security 2.0 manually

 

Kaspersky Embedded Systems Security 2.x

 
 
 

How to update root certificates for Kaspersky Embedded Systems Security 2.0 manually

Back to "Troubleshooting"
Latest update: October 14, 2019 ID: 13727
 
 
 
 
The article concerns Kaspersky Embedded Systems Security version 2.0.
 
 
 
 

Issue

Kaspersky Embedded Systems Security 2.0 may function with errors on operating systems which are not supported by Microsoft and do not receive regular updates. The errors occur because the root certificates are outdated. 

Possible errors:

  • The Applications Launch Control rules work incorrectly for applications identified as trusted according to the certificate in the operating system. The system may block Kaspersky Embedded Systems Security 2.0 if the Applications Launch Control component is configured the following way:
    • The mode of active rule application.
    • No additional rules for Kaspersky Embedded Systems Security 2.0 based on other characteristics than a digital certificate.
  • Automatic generating of Applications Launch Control rules allowing access when the trusted certificate is detected (the application uses SHA256).
  • False critical event entries on corrupted components are generated after running the Software Modules Integrity Check task.

Solution

Update the root certificates manually:

  1. Create the list of last root certificates on a computer running Windows 10 which is regularly updated. To do so, run the following command:
certutil.exe -generateSSTFromWU roots.sst
  1. Move the roots.sst file to the folder C:\PS\rootsupd\ on the computer where the certificates will be manually updated.
  2. Download the rootsupd.zip archive and extract the rootsupd.exe file from it.
  3. Run the rootsupd.exe file with the following parameters:
rootsupd.exe /c /t:C:\PS\rootsupd
  1. After running the command, make sure that the folder contains the utility file, updroots.exe.
  2. Install the latest root certificates using the updroots.exe utility: To do so, run the following command:
updroots.exe roots.sst

The root certificates will be updated.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK