"Security Alert" certificate in windows, finding the problematic program

Question

You can see I have probably a hundred of these windows stacked up (given the soft shadow now a hard outline). I searched through superuser (here), tried chat GPT, no luck. I am trying to find the source of this security alert. How can I find out which application is causing it?

Surely there must be some clue somewhere, if not the exact answer?

For instance most programs can be checked in task manager to see the "Command line" for the process. But what about this, who is asking to visit something on *.gtmrsa.liiaws.net?

I tried checking windows event logs, but found nothing. A security alert seems an ideal thing to store there given how granular some of the events are.

I understand I might try some sort of network monitoring tool and filter by the domain. This feels backwards. Again, shouldn't we be able to tell who wants to talk to this strange external entity rather simply?

Alternative solutions welcome, but ideally there's a prescribed method not widely known.

Answer 1

Though this is a standard dialog generated by some Windows functionality, it is likely still associated with the “host program”. Here’s a different example, with the delete confirmation dialog:

Though this is clearly a standard delete confirmation dialog as you’d see it in Explorer, the window is still “owned” by Notepad++.

To find out what’s opening the dialog, you can use a tool that lets you pick a window and reveals the process that opened it. One such tool is Process Explorer. You can use the crosshairs tool to do this, just drag it to the window in question:

After you let go of the crosshairs, Process Explorer will highlight in its list the process that opened the window.