kilitary

What windows version u have?

I do not see it is revoked or not. If you have win7/10 installed why you do not have io.sys in root directory? What means "All issuance policies" ? Does it mean this certificate can be used to sign exe/sys?

Okay maybe. Look, i am having certificate that is revoked (i do not know why, maybe private key stolen). Why it exist on my computer? https://prnt.sc/qvqrwl

I disabled automatic updating because spyed by russian FSS. What u mean? What router? I am using windows 10 wich have its root CA's and certs.

FBI/CIA CA's allows sign any sys, mitm any site. (did not found edit post input type=button)

There is no absolutely any document on the network which contain CURRENT stage of updating & checking for source of certs. Kaspersky looks like owned. Microsoft root certs contain FBI/CIA CA's that disables wdfilter.sys/wdboot.sys at boot. Really these two loads AFTER all drivers loaded. Anyone knew the solution how to get clean root cert CA's and not get infected & pwned?