Why does Windows Defender SmartScreen not show the publisher name of a signed executable?

    Question

  • Hello,

    I have purchased a Standard Code Signing certificate from DigiCert and I do not understand why my executable, although signed with a certificate from a trusted CA, is displayed as Unknown Publisher by Windows Defender SmartScreen.


    If I disable "Check applications and files" in "Control applications and browser" of the "Windows Defender Security Center" of Windows 10, my editor name appears correctly in the "Open File - Warning security"

    https://i.imgur.com/uN7rdWe.png

    So, I'd really like to understand why the SmartScreen filter in Windows Defender still says Unknown Publisher.

    I understand that the SmartScreen filter is based on a reputation system and I do not question the actual display of the warning message (as my Code Signing certificate is not an EV one) but the fact that the name of the publisher is indicated as Unknown Publisher, whereas a valid signature is present.

    In the hope of finding a solution with your help,

    Best regards,


    Saturday, October 14, 2017 3:18 PM

All replies

  • Hi,

    Thank you for posting here.

    Did you consult the commercial certificate vendor support?

    Did you create a certificate by using Certificate Services or create a certificate by using MakeCert?

    For using makecert.

    To create a certificate by using MakeCert

    1. Open a WDK Build Environment command prompt by using the Run as administrator option. To do so, right-click the appropriate Build Environment shortcut in your Start menu, and click Run as administrator.

    2. At the Build Environment command prompt, type the following command on a single line (it might appear here on multiple lines due to space limitations):

      makecert -r -n "CN=My Certificate Name" -ss MyCertificateStore -sr localmachine

    The current forum just discusses application compatibility testing, common compatibility issues, and best practices for creating Windows-based applications.

    I am not sure whether the issue is related to development software. I will move the case to off-topic.

    Best Regards,

    Hart

                


    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, October 16, 2017 2:27 AM
    Moderator
  • Hi,

    Thanks for taking the time to respond.

    Yes, I am in touch with Digicert support but so far, they were not able to help me solve my problem.

    The certificate has been created by Digicert through my browser (Internet Explorer), so I have no idea what technique they use.

    I am signing with the latest available version of Sign Tool (v 10.016299.15) for Windows 10 SDK Kit on Windows 10 Pro edition (version 1709, build 16299.15).
    I have tried to sign with sha256, sha1 and dual sign both sha1 and sha256 but nothing gets rid of the Unknown Publisher from the SmartScreen filter in Windows Defender.
    Again, it works well with the "Open File - Warning security" dialog box.

    Trying to investigate, I have downloaded a Hyper-V virtual machine of Windows 10 from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
    On that machine (Windows 10 Enterprise Evaluation, version 1703, build 15063.0), it works just fine and my publisher name appears on my signed executable like it should on the Windows Defender SmartScreen warning dialog.

    So, I do not really know how to solve this problem on the latest build (version 1709, build 16299.15; also not working on build 16299.19 - just got the update) but that's a clue.

    PS: I am new here and wasn't sure about the right forum to post in; feel free to move the thread if necessary.


    Monday, October 16, 2017 10:36 AM
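
A check that fits the comparison described in the post above, as an added example that is not part of the original thread: it records the OS release and build next to what Windows itself reports for the file's Authenticode signature, so the output from a 1703 machine and a 1709 machine can be compared field by field. The function name `Get-SignatureSummary` and the file path in the usage comment are hypothetical.

```powershell
# Added example (not from the thread): summarise a file's Authenticode signature
# together with the OS release/build of the machine it is run on.
function Get-SignatureSummary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$FilePath
    )

    # Signature as evaluated by the local Windows trust policy.
    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $cert = $sig.SignerCertificate

    # Release (e.g. 1703, 1709) and build numbers of the running OS.
    $os = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Build the signer's certificate chain to see whether it reaches a trusted root.
    $chainOk       = $false
    $chainSubjects = @()
    if ($cert) {
        $chain         = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk       = $chain.Build($cert)
        $chainSubjects = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    }

    [pscustomobject]@{
        File          = (Resolve-Path -LiteralPath $FilePath).Path
        OsRelease     = $os.ReleaseId
        OsBuild       = "$($os.CurrentBuild).$($os.UBR)"
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
        Publisher     = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }
        SignerSubject = if ($cert) { $cert.Subject } else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        CertExpires   = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped   = [bool]$sig.TimeStamperCertificate
        ChainTrusted  = $chainOk
        Chain         = $chainSubjects -join ' <- '
    }
}

# Usage (placeholder path, replace with the signed executable):
# Get-SignatureSummary -FilePath 'C:\path\to\signed.exe' | Format-List
```

If `Status` is `Valid` and `Publisher` is populated on both builds, the signature itself is being accepted identically and the difference lies in how the SmartScreen dialog presents it.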
  • Hi,

    >>On that machine (Windows 10 Enterprise Evaluation, version 1703, build 15063.0), it works just fine and my publisher name appears on my signed executable like it should on Windows Defender SmartScreen warning dialog.

    According to your description, the issue seems to be a bug in Windows version 1709. You can consult the issue on the Connect website, which will handle bug issues.

    Best Regards,

    Hart



    Wednesday, October 18, 2017 8:37 AM
    Moderator
  • Thanks for your reply.

    I tried to find the issue on Connect but did not find it. It seems that I do not have the proper permission, I think.

    Can you please give me the direct URL of the issue?

    Best Regards,

    Jean

    Wednesday, October 18, 2017 9:41 AM
  • Hi,

    >>the issue seems to be bug on windows version 1709

    You need to provide your feedback on Connect about the issue. Then the Connect website support staff will test the issue.

    https://connect.microsoft.com/

    Best Regards,

    Hart



    Wednesday, October 18, 2017 9:46 AM
    Moderator
  • Hi,

    Thanks, I understand, but unfortunately, there is no product related to my issue in the listing.

    https://social.msdn.microsoft.com/Forums/getfile/1146735

    Do I need an invite code?

    Thanks

    Wednesday, October 18, 2017 10:09 AM
  • Hi,

    Thank you for your feedback. 

    Based on my search, I also cannot find a proper forum for your issue. You can provide your advice on the User Voice website.

    Best Regards,

    Hart




    Thursday, October 19, 2017 6:53 AM
    Moderator
  • Thanks for your reply.

    Unfortunately, the user voice site was only related to suggestions/issues with MSDN site and is now closed.

    The 1709 is now rolled out and the problem persists.

    Is there any way to solve this? That issue should not be...

    Tuesday, October 24, 2017 7:39 AM
  • I have posted here: https://wpdev.uservoice.com/forums/110705-universal-windows-platform/suggestions/31999027-windows-defender-smartscreen-does-not-show-publish

    Tuesday, October 24, 2017 8:49 AM
  • It is really unbelievable that no one from Microsoft is able to provide a simple answer for that despite posting on Technet forums, MSDN forums, Uservoice, Twitter etc.

    So, yes, basically, you can ask ... but no one replies :S

    Tuesday, November 7, 2017 10:13 AM
  • To start, the lack of proper response to Jean Traullé's enquiry anywhere is, quite frankly, unacceptable. It really shouldn't be this hard to find out what was changed in SmartScreen recently and could cause an issue like this. Based on the symptoms, this clearly isn't a certificate vendor issue, but a Microsoft issue.

    I'd like to add to this, although it's pretty much a repetition of what Jean Traullé has already reported: It's affecting all our signed executables. And yes, it also happens with single file executables where no CAB is involved. It also only started occurring in version 1709, where SmartScreen now fails to show the publisher on the exact same executables that had publisher showing properly on the previous version. UAC prompts continue to show the publisher as expected.

    This is affecting our entire business - we cannot get around this through GP, since these executables are meant for employees when they're not on the domain. And they get uneasy (as well they should) when SmartScreen suddenly decides to display "Unknown Publisher" out of nowhere. It happens consistently on every Windows 10 PC that has been updated to 1709, while every PC that's still on 1703 shows the publisher just fine.


    Thursday, December 7, 2017 11:11 PM