Always "unknown publisher"

I have compiled a Windows app in version 8.0 with Xojo2019r11-MBS19.4.
The first time it starts on Windows, the “unknown publisher” window is displayed, we say “yes” and the program starts and relaunches without this message, even after restarting the PC.
I am compiling a new version (v8.1) with Xojo2019r31-MBS20.4. Now Windows displays the message on every launch!
The user is Administrator of his Windows session, in both cases.
Same version of Windows 10.
What could cause my “yes” not to be kept?

You need to “sign” your compiled application with a certificate. cf. Codesign for Windows. If you don’t sign it, I guess you can get all possible results. Even with signing I’m seeing the popup until it has been installed a couple of times by the customer.

I have noticed a change recently, last 6 months maybe, that code signed apps on Windows are still showing unknown publisher unless they are code signed with EV certificates. This is the one with a dongle. Windows SmartScreen kicks in and shows a warning on normal code signed apps. I think the more your app is installed the better and then it might go away after time. I’m not sure of what the trigger is.

That’s true but I can’t say what the threshold is. This might make sense for large development companies, but not if you have - like me - a small customer base :-(, a bit of a nightmare.

Yeh. Even ksoftware (sectigo) recommend using the same (IE) browser to download your own app a decent number of times to assist with this trust element. There is an article on it on their site from memory.

Hi,

I am in the same case as Marc, I need to sign my Win app but I work on Mac, does someone know how to sign a .exe on Mac?

I found this: https://github.com/kevinsawicki/signcode but it’s “old”. I tried it but it doesn’t seem to work (I tried with an Apple Cert, that’s maybe not the best idea).

I think Tim at Strawberry Software has a tool to sign from Mac.

here:

The issue you are running into is that Microsoft now keeps track of how many times an app is downloaded and installed. The first few will always get this extra warning because it’s so new.

We run into the same issue with the IDE from time to time, particularly when changing the major version each year.

I did read somewhere your app needs to be successfully downloaded and accepted to be installed by the user for about 50 times.

As far as I know it is reset when you have renewed your certs. Not when you release a major new version of your software. The certs are not linked to one software you release.

But apparently from different IPs. I usually install and uninstall them many many times, when fine-tuning my installation routines, but this doesn’t help, probably due to my fixed IP.

Yes, that’s true. It has no effect if you personally download your software several times. Different Windows accounts need to download and accept it. Not sure if it needs to be a different IP though (but I guess that would be plausible).

Of course you can ask people you know to download and install your software if it is not popular yet. :-)

:-) - Well our “issue” is that we are dealing with many NPOs. They often have only 10 to 20 users … but those are paranoid seeing this screen … smart move Microsoft, very smart! :-)

Unfortunately this does not work. You will need a Microsoft Authenticode signing certificate. I’m the author of the above mentioned ExeWrapper, and I’m happy to help answer questions about signing for Windows.

As @Greg_O_Lone mentioned, apps need what I call “reputation score” to satisfy Smart Screen. It is true that you can get instant “reputation score” by signing your apps with an Extended Validation certificate.

It is not easy to sign with an EV dongle on Mac, but it is possible. I can help folks get squared away with that, just reach out or start a thread if you need help.