certenroll.log file

I'm getting constant entries in this log file. And 2nd issue it's in my home folder.
Does anyone know what this is?

Here's the contents:


================================================== ======================
402.534.948: Begin: 5/16/2015 7:19 PM 03.985s
402.539.0: taskhostw.exe
402.543.0: GMT - 4.00
2005.228.0: certca.dll: 10.0.10074.0 retail
2005.228.0: certenroll.dll: 10.0.10074.0 retail
2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
402.379.949: End: 5/16/2015 7:19 PM 04.735s

Maybe it's just your system.

"Big_Al" escreveu na mensagem ...

I'm getting constant entries in this log file. And 2nd issue it's in my
home folder.
Does anyone know what this is?

Here's the contents:


================================================== ======================
402.534.948: Begin: 5/16/2015 7:19 PM 03.985s
402.539.0: taskhostw.exe
402.543.0: GMT - 4.00
2005.228.0: certca.dll: 10.0.10074.0 retail
2005.228.0: certenroll.dll: 10.0.10074.0 retail
2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
402.379.949: End: 5/16/2015 7:19 PM 04.735s

Big_Al wrote:
I'm getting constant entries in this log file. And 2nd issue it's in
my home folder.
Does anyone know what this is?

Here's the contents:


================================================== ======================
402.534.948: Begin: 5/16/2015 7:19 PM 03.985s
402.539.0: taskhostw.exe
402.543.0: GMT - 4.00
2005.228.0: certca.dll: 10.0.10074.0 retail
2005.228.0: certenroll.dll: 10.0.10074.0 retail
2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
402.379.949: End: 5/16/2015 7:19 PM 04.735s

The topic shows up here.

https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

Windows Desktop Apps : Develop Desktop technologies :
Security and Identity : Certificate Enrollment API :
About the Certificate Enrollment API : Public Key Infrastructure

"The Certificate Enrollment API enables you to submit certificate
and key archival requests to certification and registration
authorities and install the issued certificate on a local computer.

It does not enable you to directly manipulate the certificate database
or certificate store."

The search engines produced relative garbage when just fed

certenroll Win10

Including a site search

certenroll site:microsoft.com

got me that technical article.

I guess my first step, would be correlating the log entry,
with the software I was using. Then including that
software (browser or email client) as a search term.

Obviously, something doesn't have the permissions it needs
to carry out the operation. The fact the log is ending up
in your home directory, instead of a system folder, kinda
tells you the same thing. Then the question would be, can
such commands be issued by ordinary users, and when they are,
what happens. Since the info on certenroll doesn't
give any concrete, real-world examples, I can't really
tell you what the certificate might be for. Is it part
of SSL/TLS ? HTTPS ? Or something else ?

I can't tell if this is malware, or just some silly software
that didn't get installed right. The first search I did,
produced garbage results, so I couldn't even draw
a conclusion from that, whether this was an exploit
vector or not.

Paul

Paul wrote on 5/17/2015 6:24 AM:
Big_Al wrote:
I'm getting constant entries in this log file. And 2nd issue it's in my home folder.
Does anyone know what this is?

Here's the contents:


================================================== ======================
402.534.948: Begin: 5/16/2015 7:19 PM 03.985s
402.539.0: taskhostw.exe
402.543.0: GMT - 4.00
2005.228.0: certca.dll: 10.0.10074.0 retail
2005.228.0: certenroll.dll: 10.0.10074.0 retail
2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
402.379.949: End: 5/16/2015 7:19 PM 04.735s

The topic shows up here.

https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

Windows Desktop Apps : Develop Desktop technologies :
Security and Identity : Certificate Enrollment API :
About the Certificate Enrollment API : Public Key Infrastructure

"The Certificate Enrollment API enables you to submit certificate
and key archival requests to certification and registration
authorities and install the issued certificate on a local computer.

It does not enable you to directly manipulate the certificate database
or certificate store."

The search engines produced relative garbage when just fed

certenroll Win10

Including a site search

certenroll site:microsoft.com

got me that technical article.

I guess my first step, would be correlating the log entry,
with the software I was using. Then including that
software (browser or email client) as a search term.

Obviously, something doesn't have the permissions it needs
to carry out the operation. The fact the log is ending up
in your home directory, instead of a system folder, kinda
tells you the same thing. Then the question would be, can
such commands be issued by ordinary users, and when they are,
what happens. Since the info on certenroll doesn't
give any concrete, real-world examples, I can't really
tell you what the certificate might be for. Is it part
of SSL/TLS ? HTTPS ? Or something else ?

I can't tell if this is malware, or just some silly software
that didn't get installed right. The first search I did,
produced garbage results, so I couldn't even draw
a conclusion from that, whether this was an exploit
vector or not.

Paul


Thanks. I'll try some of your tweaks to google search too and see if I can find out. I may just go down my list of
software and run a few things to see if it causes more logs.