Asked by:
Remove Smart Screen warning from my application

-
Hello Team,
We have developed an open source application developed in hybrid arch using visual studio which is secured with the certificate of authenticity , but still we are getting Smart SCreen warning while running the installer. Can some one please guide us on how to fix the same ?
Regards,
Binu Kumar
Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Question
All replies
-
Hi,
An Authenticode certificate may not be enough to establish reputation. And there are different kind of Authenticode certificates. The best are "Extended Validation (EV)" code signing certificates that "can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher"
See:
MS SmartScreen and Application Reputation
https://blog.digicert.com/ms-smartscreen-application-reputation/Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates
My portal and blog about VSX: http://www.visualstudioextensibility.com; Twitter: https://twitter.com/VSExtensibility; MZ-Tools productivity extension for Visual Studio: https://www.mztools.com
-
-
Hi,
No, certificates for code signing (setups) are different than certificates for SSL (web sites, https).
There are Extended Validation (EV) certificates in both cases.
My portal and blog about VSX: http://www.visualstudioextensibility.com; Twitter: https://twitter.com/VSExtensibility; MZ-Tools productivity extension for Visual Studio: https://www.mztools.com
-
-
Comodo announced Code Signing certificates with Extended Validation (EV) on December 2016 to be available on January 2017:
But I don't see EV-code signing certificates on their store:
https://www.instantssl.com/code-signing-certificate.html
So if you want Comodo, contact them.
Other providers such as Digicert have:
1) Normal code signing certificates:
https://www.digicert.com/code-signing/code-signing.htm
2) EV code signing certificates:
https://www.digicert.com/code-signing/ev-code-signing.htm
Notice that no "SSL" is involved.
My portal and blog about VSX: http://www.visualstudioextensibility.com; Twitter: https://twitter.com/VSExtensibility; MZ-Tools productivity extension for Visual Studio: https://www.mztools.com
- Proposed as answer by Fletch ZhouMicrosoft contingent staff Wednesday, March 29, 2017 4:34 AM
-
Currently, the standard Code Signing is not enough for avoid Smart Screen warning in the beginning. Only EV Code Signing can avoid avoid Smart Screen in the beginning. But, EV Code Signing need for a company but not individual. It's means if you are not a company M$ will blocking your software until 'We(M$) applied your software by somehow our some algorithms' even you buy a $200 standard code signing. But, even the standard for individual developer is not cheap right?
I have no idea why M$ so no friendly for individual developer or who individual want made money from it. Why not consider apple store? Buy a M$ developer license at year $99 and we will let the bored 'Smart Screen' warning away? Oh, sorry I forgot you are M$.
- Edited by Grey H Thursday, May 18, 2017 12:14 AM