eDellRootCertFix.exe Dell Certificate misery

Hi all,

Any chance you guys are working on a package for removing the Dell Foundation stuff and most important the crazy certificate they added?





Date Votes
  • Hi Jelle,

    We haven't been working on that package, but I know you have :)

    Were you able to get your deployment to work successfully? If so, would you mind sharing how?

  • Customer responded on a support ticket that this was their solution. 

    Run the cert removal script:

    certutil.exe -delstore root "6b c5 7b 95 18 93 aa 97 4b 62 4a c0 88 fc 3b b6"

    And if you want to remove the Dell foundation services altogether you can run the following uninstall scripts:

    MsiExec.exe /qn /norestart /X{6D790340-C6A7-4009-9FB0-FAC1318A6CE9}

    MsiExec.exe /qn /norestart /X{8C483C4D-F346-4469-8221-90F2FB9FC9B1}

    MsiExec.exe /qn /norestart /X{B1714996-891A-43D2-8B83-CCFB2EC53978}

    MsiExec.exe /qn /norestart /X{D605CD24-103D-4DB6-B572-653851213C46}


    First one should be enough to get the computers safe the uninstalls just remove the (bloat)Dell Foundation Software.

    *** This is not supported nor has this been tested by Admin Arsenal. ***

  • just an UPDATE. Microsoft has added the certificate to be removed from computers so it should start getting cleared out on its own.

    However, Dell pushed out a patch to fix the root cert issue and now the patch has introduced something new and opens up all of the computers to executing WMIC commands from remote computers and output everything back to them. or simply visiting a site setup to attack this exploit.


    if you have the dell foundation services installed, it should be remove!

  • Hi all,

    Thanks for the help!


Please sign in to leave a comment.

Didn't find what you were looking for?

New post