How to update root certificates for Kaspersky Embedded Systems Security 2.0 manually
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.
Accept and close



Kaspersky Embedded Systems Security 2.0


How to update root certificates for Kaspersky Embedded Systems Security 2.0 manually

Back to "Troubleshooting"
2018 Nov 05 ID: 13727


Kaspersky Embedded Systems Security 2.0 may function with errors on operating systems which are not supported by Microsoft and do not receive regular updates. The errors occur because the root certificates are outdated. 

Possible errors:

  • The Applications Launch Control rules work incorrectly for applications identified as trusted according to the certificate in the operating system. The system may block Kaspersky Embedded Systems Security 2.0 if the Applications Launch Control component is configured the following way:
    • The mode of active rule application.
    • No additional rules for Kaspersky Embedded Systems Security 2.0 based on other characteristics than a digital certificate.
  • Automatic generating of Applications Launch Control rules allowing access when the trusted certificate is detected (the application uses SHA256).
  • False critical event entries on corrupted components are generated after running the Software Modules Integrity Check task.


Update the root certificates manually:

  1. Create the list of last root certificates on a computer running Windows 10 which is regularly updated. To do so, run the following command:
certutil.exe -generateSSTFromWU roots.sst
  1. Move the roots.sst file to the folder C:\PS\rootsupd\ on the computer where the certificates will be manually updated.
  2. Download the archive and extract the rootsupd.exe file from it.
  3. Run the rootsupd.exe file with the following parameters:
rootsupd.exe /c /t: C:\PS\rootsupd
  1. After running the command, make sure that the folder contains the utility file, updroots.exe.
  2. Install the latest root certificates using the updroots.exe utility: To do so, run the following command:
updroots.exe roots.sst

The root certificates will be updated.

Was this information helpful?
Yes No
Thank you


Have you found what you were looking for?

Please let us know how we can make this website more comfortable for you

Send feedback Send feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.


How can we improve this article?

We will not be able to contact you if you leave your email address or phone number. To contact technical support, please sign in to your Personal Account.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.