I codesigned my .exe file, uploaded it to my server.
Downloading that file and executing still gives a warning the .exe is not being trusted.
When clicking on ‘more…’ it reveals my company name and asks to run or not.
Why is this? I bought a Windows codesign license to get past this, not to show my apps are still not ‘trusted’.
BTW doing a verification does confirm the .exe is codesigned.
Windows and the certificate is certainly valid (kSoftware/Comodo).
When you download and run the .exe file, it warns it isn’t downloaded enough and it can be harmful for your system.
When clicking on More -> it displays my company name and asks to run or not.
I confirm the issue. I made sure to code sign both the app and the DLLs with my Comodo certificate, but yet I get the warning and the request to enter the administrator password. It looks as though Windows now requires an Authenticode certificate to execute a program like that.
BUT my current programs, which I signed and then put into an installer itself signed with Comodo, do not trigger the warning.
So what you want to do is to make an installer for your program.
[quote=163621:@Christoph De Vocht]I already use an installer (and signed the setup.exe).
It does not ask for an admin password but it does give a warning.[/quote]
The fact that Windows asks for permission to install is normal. If the installer is signed, you get a blue window. If it is not signed, you get a yellow window with a warning.
This is normal as Microsoft has its own “trusted developers” database and signing the exe doesn’t mean immediate trust.
As far as I know and in my experience it takes a few months and some thousands of downloads / installs to get trusted by MS, but there are no official details.
Once you are trusted the blue window doesn’t appear any more, and other applications you develop and sign with the same signature are also trusted faster.
[quote=164281:@Alejandro Fresno Meyer]This is normal as Microsoft has its own “trusted developers” database and signing the exe doesn’t mean immediate trust.
As far as I know and in my experience it takes a few months and some thousands of downloads / installs to get trusted by MS, but there are no official details.
Once you are trusted the blue window doesn’t appear any more, and other applications you develop and sign with the same signature are also trusted faster.[/quote]
I have been a Windows developer for ages and know MSDN very well, but this is the first time I read that. As far as I know Microsoft has no way to gather information about the number of downloads and probably does not care. Neither does it get information about installs of individual programs.
The SmartScreen blue bar will not appear for installers which are signed, just the small confirmation box “Do you want this program to modify your system”.
It is possible that “naked” programs that have not been installed or generated on the machines (as if by Xojo) get flagged by SmartScreen (the blue bar) even if they are signed because they have no registry key. By the way, how come the debug programs created by Xojo, although not signed, do not trigger SmartScreen?
And SmartScreen appears even after having signed an application, except if you are a well-known publisher and whitelisted; this has been discussed at MS forums.
Debug programs won’t trigger SmartScreen because they have not been downloaded.
Thanks Frederick. Indeed this is great. I see for instance that GlobalSign is just $175.00 a year as compared to VS the ripper’s $599.00.
This is very interesting to get listed on the Windows Store through the onboarding program which requires Authenticode. But yet I wonder if another company than Verisign is OK, since all along they repeat Authenticode from Verisign.
Back on the original subject, though, the page for Authenticode shows the classic blue confirmation box “Do you want to install this software” with the name of the developer I currently get from Comodo. And none of my apps triggers SmartScreen anyway.
[quote=163615:@Christoph De Vocht]Windows and the certificate is certainly valid (kSoftware/Comodo).
When you download and run the .exe file, it warns it isn’t downloaded enough and it can be harmful for your system.
When clicking on More -> it displays my company name and asks to run or not.[/quote]
I’ve had this message after downloading software from my server too. But after a couple of days and approx 100 downloads from different clients this message disappeared without any action. I’ve never found out why and assumed that Microsoft just updated their SmartScreen whitelist after a certain amount of downloads from a given domain.
It’s frustrating that for the most part of important matters we should buy external tools. With Gatekeeper and SmartScreen, a development tool SHOULD have an in-IDE function to sign the software.
KSign is free, but it is a general question, thank you.