I'm looking for a way to find out which certificates, whether machine level or user level, came preinstalled with Windows (when using official Microsoft ISO file to clean install the OS) and which certificates were installed afterwards, by 3rd party applications like AVs, administrator etc.
looking at the certificate stores, I can see and recognize popular CA names but I don't know all of them.
I hope there is a good method for this, hope IT admins or ITsec people don't have to remember all trusted CAs to recognize malicious/3rd party installed certificates.
I'm using Windows 11.
