I can't remember whether it was MacOS or Windows, but at least one OS will sometimes re-install a 'standard' CA certificate if you delete it. Setting 'never trust' is the most reliable way to kick out the CA as it ensures that it stays out.