How to remove the Superfish-like ‘eDellRoot’ certificate from your Windows PC

The Dell Foundation Services application installs a self-signed root certificate that opens a security vulnerability on many Dell computers. Here's how to remove the eDellRoot certificate from your computer.


First it was Lenovo, then Samsung, and now Dell is the third computer company to put customers at risk by installing a root certificate on a number of laptops, leaving a security hole ready to be exploited.

Joe Nord, a computer programmer, was the first person to come across a new self-signed root certificate named eDellRoot. After a number of tests, he determined that the certificate works very similarly to the one in the Lenovo incident with Superfish.

Perhaps the major concern is that the same certificate, with the same private key, can be found on all affected computers, such as the Dell Inspiron 5000 and XPS 15. This means that an attacker can, without major difficulty, use that one private key to compromise every Dell computer that comes pre-installed with the certificate in question.

Although this is a major security problem for customers, Dell quickly acknowledged the problem and issued a statement reassuring that “customer security and privacy is a top concern.”

“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.”

The company also explains that the certificate is not malware or adware. Instead, it’s used to provide the system service tag ID to Dell's online support, allowing a faster way to identify your computer information. Furthermore, according to Dell, the certificate “is not being used to collect personal customer information.”

Alongside the statement, Dell also issued a patch that anyone can download to automatically remove the eDellRoot certificate from their computer, and a set of instructions if you prefer to remove the vulnerability manually.

Instructions

1 Open Task Manager by right-clicking on the taskbar and selecting Task Manager.

2 Use the Windows key + R keyboard shortcut to open the Run command, type Services.msc and hit Enter.

3 Look for “Dell Foundation Services” and select it.

4 Click “Stop the service”.

5 Open “File Explorer” and navigate to c:\Program Files\Dell\Dell Foundation Services and delete the Dell.Foundation.Agent.Plugins.eDell.dll file.

6 You may be prompted with a warning. Click Continue to delete the file.

7 Use the Windows key + R keyboard shortcut to open the Run command, and type Certmgr.msc followed by the Enter key.

8 You may be prompted to allow the program to make changes to the computer. Click Yes.

9 When the certificate manager window opens, double click on “Trusted Root Certification Authorities” on the left panel. Then double click the Certificates folder.

10 Select the eDellRoot certificate from the right panel.

11 Delete the certificate by clicking the “X” icon in the toolbar.

WARNING: Make sure ONLY the “eDellRoot” certificate is selected like the example below before clicking the delete button. Deleting any other certificate may cause your system to function improperly.

12 You will be asked to confirm deletion of the eDellRoot certificate. Click Yes.

13 After deletion, the eDellRoot certificate should be removed from the certificate manager’s window.

14 Go back to the Services window and select “Dell Foundation Services” and click “Start the service”.

15 Close all windows that were opened.
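
The manual steps above can also be scripted. The following PowerShell is an added example, not Dell's removal patch and not code from the original article. It assumes an elevated session and that the certificate sits in the LocalMachine or CurrentUser Root store, and it matches on the exact subject name because the article gives no thumbprint.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual removal steps.
# Service name, file path and certificate name come from the article.
$serviceName = 'Dell Foundation Services'
$pluginPath  = 'C:\Program Files\Dell\Dell Foundation Services\Dell.Foundation.Agent.Plugins.eDell.dll'
# Assumption: the root is in one of these two stores.
$stores      = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
# Exact CN match, so no other trusted root is touched (see the WARNING in step 11).
$cnPattern   = '(^|,\s*)CN=eDellRoot(,|$)'

# Steps 2-4: stop the service so the plugin file is not in use.
$svc = Get-Service -DisplayName $serviceName -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Stopped') {
    Stop-Service -InputObject $svc -Force
}

# Steps 5-6: delete the plugin named in the instructions.
if (Test-Path -LiteralPath $pluginPath) {
    Remove-Item -LiteralPath $pluginPath -Force
    Write-Output "Deleted $pluginPath"
}

# Steps 7-12: remove only certificates whose subject CN is exactly eDellRoot.
$found = @(Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Subject -match $cnPattern })
foreach ($cert in $found) {
    Write-Output ("Removing {0} (thumbprint {1})" -f $cert.Subject, $cert.Thumbprint)
    $cert | Remove-Item
}

# Step 13: confirm nothing matching is left in either store.
$left = @(Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Subject -match $cnPattern })
if ($left.Count -eq 0) {
    Write-Output 'eDellRoot is no longer present in the checked root stores.'
} else {
    Write-Warning "$($left.Count) eDellRoot certificate(s) still present."
}

# Step 14: start the service again.
if ($svc) {
    Start-Service -InputObject $svc
}
```

Removing an entry from the CurrentUser Root store may show a Windows confirmation dialog; answer Yes only if the certificate named in the dialog is eDellRoot.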

It’s now becoming clear that you can’t trust any company. As such, whenever you purchase a new computer, it’s important to perform a clean installation of the operating system, which will offer the safest Windows environment you can get. If you’re running Windows 10, you can refer to this previous guide to download the ISO files to perform a clean installation of the operating system. And if you’re running Windows 8.1, you can refer to this previous guide to download the clean ISO file from Microsoft servers and do a clean install of Windows.

Update, November 27, 2015: Microsoft has updated its free antivirus, Windows Defender, to detect and permanently remove the potentially dangerous eDellRoot certificate. If you don’t know whether you’re running the latest version of Windows Defender, go to Settings > Update & security > Windows Update and check for new updates.

Source Reddit, Dell