How to update root certificates for Kaspersky Embedded Systems Security 2.0 manually
Kaspersky Embedded Systems Security 2.0 may function with errors on operating systems which are not supported by Microsoft and do not receive regular updates. The errors occur because the root certificates are outdated.
- The Applications Launch Control rules work incorrectly for applications identified as trusted according to the certificate in the operating system. The system may block Kaspersky Embedded Systems Security 2.0 if the Applications Launch Control component is configured the following way:
- The mode of active rule application.
- No additional rules for Kaspersky Embedded Systems Security 2.0 based on other characteristics than a digital certificate.
- Automatic generating of Applications Launch Control rules allowing access when the trusted certificate is detected (the application uses SHA256).
- False critical event entries on corrupted components are generated after running the Software Modules Integrity Check task.
Update the root certificates manually:
- Create the list of last root certificates on a computer running Windows 10 which is regularly updated. To do so, run the following command:
- Move the roots.sst file to the folder C:\PS\rootsupd\ on the computer where the certificates will be manually updated.
- Download the rootsupd.zip archive and extract the rootsupd.exe file from it.
- Run the rootsupd.exe file with the following parameters:
- Click No in the dialog window that opens:
- After running the command, make sure that the folder contains the utility file, updroots.exe.
- Install the latest root certificates using the updroots.exe utility: To do so, run the following command:
The root certificates will be updated.