Windows Defender removes Dell’s eDellRoot certificate from affected computers

by Ashwin, November 28, 2015

Earlier this week, we reported that renowned PC manufacturer Dell had pre-loaded some of its computers with a certificate that is self-signed by the company.

Windows Defender scans and removes eDellRoot

The issue is that it poses a huge security threat, as the certificate can be hacked by an attacker quite easily.

This in turn puts the user’s PC at great risk, as any connection which appears to be a secure connection, i.e., encrypted, may in fact be spied upon by an attacker. The vulnerability was spotted by a programmer, who published his findings online. Soon after, news of this spread like wildfire, and eventually reached the ears of the very company concerned, Dell.

The company has already officially acknowledged the issue and apologised to users for the difficulties caused. Dell also shed some light on the issue, stating that it wasn’t using the “eDellRoot” certificate to collect any personal information from its users; it was only put into the systems for tech support purposes. Apparently the certificate was designed to allow Dell’s tech teams to quickly identify the model of the PC.

Dell had promised to roll out an update to its computers, which would remove the insecure certificate. We are not sure whether the update has been rolled out to all users, but that isn’t much of a concern as another company has stepped in to save the day, or at least some users.

Enter Microsoft to the rescue. The Redmond Company has taken it as a responsibility to keep its users safe, and has rolled out a definition update to its malware removal app, Windows Defender, which can now scan for the eDellRoot certificate. Users on Reddit say that it is being detected as the Win32/CompromisedCert.D malware.

Yes, the root certificate is indeed malware, and is rightfully being flagged as a PUA (Potentially Unwanted Application).

Once detected, Windows Defender automatically removes the threat. This move has drawn some praise from Redditors, who have applauded Windows Defender’s capabilities and its improved detection and removal rate. Microsoft has also posted an official page regarding the malware at its Malware Protection Center.

The best part is that the Redmond company has rolled out the definition update to not just one, but all of its security tools, which are now capable of removing the new malware. This includes Windows Defender for Windows 10 and 8.1, Microsoft Security Essentials for Windows 7 and Vista, Microsoft Safety Scanner and the Microsoft Windows Malicious Software Removal Tool.
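
To confirm by hand whether a machine still trusts the certificate, the added PowerShell example below (not code from Microsoft, Dell or the original article) audits the trusted-root stores for a certificate whose subject contains eDellRoot. The function name `Find-TrustedRootBySubject` is hypothetical, and matching is by subject name only because the article does not give a thumbprint.

```powershell
# Added example: audit the Windows trusted-root stores for a certificate by subject name.
# 'eDellRoot' is the name given in the article; no thumbprint is published there,
# so any match should be reviewed by hand before acting on it.
function Find-TrustedRootBySubject {
    [CmdletBinding()]
    param(
        [string]$SubjectPattern = 'eDellRoot',
        # Machine-wide and per-user trusted root stores.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*$SubjectPattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    # Subject equal to issuer means the certificate is self-signed.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    # A trusted root whose private key sits on the same machine
                    # should always be treated as a finding.
                    HasPrivateKey = $_.HasPrivateKey
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-TrustedRootBySubject)
if ($hits.Count -eq 0) {
    Write-Output 'No trusted root certificate matching eDellRoot was found.'
} else {
    $hits | Format-List
}
```

The script only reads the stores and changes nothing; removal is left to the updated Microsoft tools listed above or to Dell's promised update.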