3

So I have my own application, "main.exe". In some computers where the security level is higher it will display a warning because of the "unknown publisher".

Unknown publisher warning

I am trying to "bypass" it.

Now I know that the right way to do it is to sign the assembly buy a certificate and be a known publisher then it will not display this warning, but certificates are not cheap.

My question is, Is there a way were I can run a different exe (like an installer) that I will build in vb.net/C#, That will mark somehow my application "main.exe" as "safe to run" or "trusted"? so it will run without the warning msg in all the computers.

Important note - The "installer" will run with admin privileges.

Green Fire
  • 720
  • 1
  • 8
  • 21
  • Without knowing if this is possible or not... wouldn't this defeat the purpose of the "safe" system anyway? I would think that if windows didn't catch it, any antivirus worth it's salt would. – Dallen Jul 30 '16 at 16:15
  • @Dallen if you run an exe with an unknown publisher as admin it will ask you for admin privilege and if you agree (The UAC msg) it will not show you the warning msg. Basically I want to make an exe like that were you start the installer 1 time as admin and it will mark my application as trusted. I dont see where I break the "safe" system here. – Green Fire Jul 30 '16 at 16:18
  • It might violate (without knowing the exacts) because there should be no way for an application to mark another application safe. It doesn't ask you because you are using admin permissions so that should suffice that you think it is safe. However the system is designed to keep apps you download from the internet from running in the background and stealing data without you knowing. – Dallen Jul 30 '16 at 16:23
  • @Dallen I understand what you are saying and there is some logic in it, but I can still say that in the moment you give an application admin privilege it can do "un-safe" things already. – Green Fire Jul 30 '16 at 16:34
  • Possible duplicate of [How to pass the smart screen on Win8 when install a signed application?](http://stackoverflow.com/questions/12311203/how-to-pass-the-smart-screen-on-win8-when-install-a-signed-application) – Athari Jul 30 '16 at 21:12
  • @Squidward I clearly state that I want to do it programmatically without signing the assembly and getting a certificate. – Green Fire Jul 30 '16 at 22:56
  • @GreenFire There's no other way. Even a costly certificate won't immediately help you. You can ask users to click "More info" and "Run anyway", I guess. – Athari Jul 30 '16 at 22:59

2 Answers2

3

The only right answer to this problem can be found here at the Microsoft blog.

It is all about reputation. This means, you need to properly sign your executable with an official cerificate signed by a CA like Comodo or Verisign. This is needed so that your reputation as a publisher can be tracked. After that you need to build reputation. That simply takes time, the more your software is installed, the higher the chance that you get trusted by the smart screen filter.

If you need a trusted executable as soon as possible, in other words, now... Buy yourself an Extended Validation or EV Code Signing certificate. As said in the Microsoft blog post, building reputation isn't necessary then:

"...Programs signed by an EV code signing certificate can immediately establish reputation..."

Ton Snoei
  • 2,637
  • 22
  • 23
2

After a lot of trying I got to a very good workaround!

I found this Visual Studio 2015 Installer Projects here: https://visualstudiogallery.msdn.microsoft.com/f1cc3f3e-c300-40a7-8797-c509fb8933b9

Witch gives you the option to create and installer to your project.

After downloading and installing this addons you will be able to add an installer project to your main project.

Selection of a Setup Project

Then you need to select what project will the installer install: Project Selection for Setup

Then you can build this installer project and you get 2 installation files: enter image description here

And then you are done!

Now you can run the setup.exe without any warning msg about the "unknown publisher", important to note that you must start the Setup.exe and not Setup.msi and when starting the Setup.exe you must have the Setup.msi in the same folder. While it installs your app it will request admin privileges but it will not give you a scary warning msg about "this is an un-safe application".

After your app is installed you will be able to run it (from the location you set the installing to), and by running it I mean that in the installation directory you will have your app exe file and you can run it without any warning msgs.

So basically what is happening is you only must give admin privileges when the installer starts the installation but after that you app will be trusted and will run without any msgs.

About the Setup.exe and Setup.msi you can join them two a 1 exe using IExpress.

Green Fire
  • 720
  • 1
  • 8
  • 21