locked
I Am Create A Program With Visual Studio vb.net Form But My Program gives Smart Screen Error RRS feed

  • Question

  • Sorry For My Bad English I am created a basic program with visual studio 2015 but my program gives Smart Screen Protect

    My Program Is Not Vırus or other But My Program Gives Smart Screen PROTECT Error the Other Computers

    Why I am seeing this problem

    Thursday, September 24, 2015 8:59 PM

Answers

  • Smart Screen advises the end user that your code is not verifiable, and your code has no reputation (no insult to you personally).  You will need to digitally sign your code.  Even Microsoft code will trigger Smart Screen protection, this is just a process to make the code less exploitable and really no way around it.

    Why?

    Without a secure certificate the Smart Screen will trigger and then not allow the code to run as it could be a virus or an exploit, without input from the user.  Your endusers hopefully will be trained to view the smart screen as a something they can't just accept without thinking about it. 

    To prevent this the Smart Screen needs to be able to establish your "reputation", which is done via "signing your code".

    To do this you will need to follow this process:

    How does this work?

    1. You can ensure an assembly's identity by signing it; to sign the assembly: you do this by employing public-key infrastructure algorithms. 

    2. When you ensure the assembly's identity by signing it; the assembly manifests are hashed & signed with a private key.

    3. Once an assembly is opened by the enduser, the hashed value is calculated & compared with the hashed value stored in the assembly.

    4. Finally, runtime hash value matches the hard-coded hash, the installation is allowed to continue, otherwise the Smart Screen protection is fired.

    Simple as that, there may be third party costs for miscellaneous but important items and tools.

    Appendix:

    • The public key is by design incorporated into the assembly when it is signed,
    • Your clients can verify the strong name of the public key
    • A .NET Framework SDK utility, the Strong Name tool (Sn.exe), is used to build strong-name key files.  To get started go to: Security executable cheat sheet.


    Sam Stokes

    Friday, September 25, 2015 4:53 PM