How to update root certificates for Kaspersky Embedded Systems Security 3 manually

Issue

Kaspersky Embedded Systems Security may function with errors on operating systems which are not supported by Microsoft and do not receive regular updates. The errors occur because the root certificates are outdated. 

Possible errors:

• The Applications Launch Control rules work incorrectly for applications identified as trusted according to the certificate in the operating system. The system may block Kaspersky Embedded Systems Security if the Applications Launch Control component is configured the following way:
  • The mode of active rule application.
  • No additional rules for Kaspersky Embedded Systems Security based on other characteristics than a digital certificate.
• Automatic generating of Applications Launch Control rules allowing access when the trusted certificate is detected (the application uses SHA256).
• False critical event entries on corrupted components are generated after running the Software Modules Integrity Check task.

Solution

Update the root certificates manually:

1. Create the list of last root certificates on a computer running an up-to-date version of the Windows operating system. To do so, run the command:

2. Move the roots.sst file to the folder C:\PS\rootsupd\ on the computer where the certificates will be manually updated.
3. Download the rootsupd.zip archive and extract the rootsupd.exe file from it.
4. Run the rootsupd.exe file with the following parameters:

5. Click No in the dialog window that opens:

6. After running the command, make sure that the folder contains the utility file, updroots.exe.
7. Install the latest root certificates using the updroots.exe utility. To do so, run the command: