Hi, I'm Elise, and I'd be happy to help with your issue.
There isn't really a supported way of doing this, basically you need to identify which certificate have been added and then just delete them.
If you download the sigcheck utility from here:
https://docs.microsoft.com/en-us/sysinternals/d...
You can then locate the source of the certificate and see which once have been added manually by yourself and which are the default.
This article and thread go into more detail and give advise on how best to do this, but it is still essentially a manual process.
http://woshub.com/how-to-check-trusted-root-cer...
https://security.stackexchange.com/questions/71...
Please let me know if you need any further assistance.
Kind Regards,
Elise
Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.