Create content for SysInternals sigcheck certs

[jgstew]

Create content for sigcheck: https://twitter.com/swiftonsecurity/status/946532192460648448?s=21

sigcheck.exe -accepteula -c -nobanner -tv * -u

SigCheck will download the current Microsoft Trusted Root Store and look for any certificates not rooted by it that would be considered invalid on a default windows install. Any positive results are likely malicious or inappropriate (eDellRoot) and should be investigated.

Related:

• https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
• https://forum.bigfix.com/t/working-to-detect-and-remove-the-edellroot-malicious-root-certificate/15089

[jgstew]

prefetch Sigcheck.zip sha1:8154a0f6b056a84be242e8e71ec1202a4258394d size:818361 https://download.sysinternals.com/files/Sigcheck.zip sha256:77df9c6b52d8defbad793569439b7d3c6b5e34f95ee12d0aac815b20ce0bba95

[jgstew]

Completed:

• https://github.com/jgstew/bigfix-content/blob/master/fixlet/Run%20SigCheck%20on%20cert%20store%20-%20Windows.bes
• https://github.com/jgstew/bigfix-content/blob/master/analyses/Sigcheck%20Results%20-%20Windows.bes