Disabling Certutil

Question

I am wondering what are the consequences of disabling certutil.exe on windows systems.

It seems that this option isn't event considered in the documentation or forums.

Can someone please elaborate on this?

The reason I am asking this is I am considering disabling it for security purposes as it allows to download files in a base64 format.

PowerShell can also deal with Base64-encoded data. certutil most certainly does not download stuff (except the trust list). I don’t think you’ll gain anything by disabling/removing it. // It probably has no effect at all. — Daniel B, Commented Aug 6, 2019 at 11:24
I could write a third-party application to download files in Base64 format. You are not going to achieve anything by removing this file from your system. You likely will create more problems. — Ramhound, Commented Aug 6, 2019 at 11:27
Thanks but my question is regarding Certutil and the implications of disabling it — Karma2402, Commented Aug 6, 2019 at 12:17
Remove it and test it? Whatever relies on it is going to be broken. There is no reason to consider that in the documentation of certutil but you'd have to check the documentation of every piece of software you're using. It's entirely dependent on what you use and do. — Seth, Commented Aug 6, 2019 at 12:30

harrymc · Accepted Answer · 2019-08-06 17:28:42Z

The article CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV gives details on the attack and suggests locking down certutil's access to the Internet.

This can be done via the Windows Defender Firewall:

Start Windows Defender Firewall with Advanced Security
Click on Outbound Rules
Click on Actions > New Rule...
Fill the details as:
- Rule Type : Program
- This program path : "C:\Windows\System32\certutil.exe"
- Action : Block the connection
- Profile : All
Give it a name and press Finish.

1 Answer 1