3

I have some Windows installers hosted on GitHub for an open-source project that I curate. When downloading them, the "this file is not commonly downloaded" warning appears, and if you run the installer in spite of that, you get a "Windows SmartScreen prevented an unauthorized app from starting" message (all this before User Access Controls kick in).

There are other questions and answers which say this is a problem only for unsigned installers, so I bought certificates and signed the installers. This has still not gotten rid of the warning.

Are there additional requirements to binary signing to prevent this warning? What's the best way to eliminate it?

Nicolas Holthaus

1 Answer

3

You will actually need to get a Class 3 (EV) Code Signing Certificate; this will allow the software to be recognized and verified.

Don't get sucked into "Code Signing Certificates" that are class 2 from sites that say they will meet this requirement, not to mention any names like "GoDaddy". These are SSL certificates that will work on websites (most) but not on software. You will continue to get the error and inability to install without user intervention.

Class 3 certificates are a step above the Class 2. Class 2 does not require “Extended Validation”. However, the “EV” code signing certificates combine all of the regular benefits of digitally-signed code with a rigorous extended validation process. They represent the gold standard for authentication and security in code signing certificates.

EV code signing certificates adhere to strict validation standards from the CA/Browser Forum and to Microsoft specifications. Enhanced authentication is provided via an encrypted token containing the private key.

Jens A. Koch
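
One way to check what the answer above describes: whether an installer's Authenticode signature verifies, whether it is timestamped, and whether the signing certificate asserts the CA/Browser Forum EV code signing policy (OID 2.23.140.1.3). This is an added example, not part of the original answer; the function name `Test-InstallerSignature` and the sample path are hypothetical.

```powershell
# Added example. Function name and sample path are hypothetical.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path
    )

    # CA/Browser Forum policy OID asserted by EV code signing certificates.
    $evPolicyOid = '2.23.140.1.3'

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate   # $null when the file is unsigned

    $isEv = $false
    if ($cert) {
        # The Certificate Policies extension has OID 2.5.29.32.
        $policies = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
        if ($policies) {
            # Format() renders the decoded extension as text, one policy per entry.
            $text = $policies.Format($true)
            # Match the exact OID, not a longer OID that merely starts with it.
            $isEv = $text -match "(?<![\d.])$([regex]::Escape($evPolicyOid))(?![\d.])"
        }
    }

    [pscustomobject]@{
        File        = $Path
        Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject     = if ($cert) { $cert.Subject } else { $null }
        Issuer      = if ($cert) { $cert.Issuer } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        # Without a timestamp the signature stops verifying once the certificate expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        IsEvPolicy  = $isEv
    }
}

# Sample path is a placeholder; point it at the downloaded installer.
Test-InstallerSignature -Path 'C:\Downloads\MyProject-Setup.exe' | Format-List
```

Run it against the file as downloaded from the release page rather than the local build output, so the result reflects the copy users actually receive.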