Microsoft Defender blocks my installer and apps

Hi there.
Here’s my situation: I build an app with the latest version of Xojo on my Mac, then in a virtual machine with Windows updated to the latest version, I run innosetup to build the installer. Then I zip the installer.

So when my customers try to run the installer, a message appears “Protected pc… Windows defender stopped an unknown app. The execution can be dangerous for the pc”. And only one button is available: “Not run” (my Windows is in Italian language, so the original English message may be different).

So, I’ve searched a lot on this forum and on the web before asking. I found old solutions that are not applicable to newer Windows versions. The most recent (and not very helpful) document I found is from 2017: https://scispec.ca/index.php/books/34-build-an-appx-installer-for-microsoft-store-with-xojo

That tutorial ends when I have to download and install "Windows Desktop App Converter Base Images" from this url https://www.microsoft.com/en-us/software-download/dac#! - I have a lot of errors during install, I think because of the different Windows version (supported 17763 or 17134 and my installed Win is 19042).

So, can anyone help me with how to solve that problem? I think I have to create and install Microsoft certificates but how? And I’ll have to codesign the exe and the installer too, but how?

Many thanks in advance…

Is your application and installer code signed?

1 Like

Even if your app is code signed, you will run into this problem, both with Windows Defender, and with a variety of so-called ‘reputation services’ built in to virus checkers.
(Essentially: we have never heard of you so we will just delete your app because we assume our customers don’t know what they are doing)

For Windows Defender, there would normally be a ‘Run Anyway’ option, and sometimes you need to go through ‘More Info’ to reach it.

Some systems are so tightly tied down that even this is not available.
And you need to get the recipient to allow installs.

To fix that problem, open Windows Defender and go to App & Browser Control. Under ‘Check apps and files’, select the ‘Warn’ option instead of the ‘Block’ option.

Then you should be able to access ‘Run Anyway’

3 Likes

If this is the message your users are seeing, they can click the “More Info” link and a button will appear at the bottom allowing them to run the installer. As @kevin_g says, you should sign your app and installer.

image

No. How can I codesign the app and the installer? It was my question…

Ok but, I think if we want to distribute an application, we can’t explain that to every single customer. Don’t you think?

Here’s a thread with info on that:

And another (recent)

1 Like

Ok, but I can’t explain that to every customer…

I’ve also asked that the documentation on this page be updated to include steps to codesign Windows applications:
https://documentation.xojo.com/topics/application_deployment/desktop/desktop_app_deployment.html

3 Likes

You need to purchase a MS-Windows code signing certificate and then use a tool / command line to code sign your application executable before it is added into InnoSetup and then the installer executable after it has been created by InnoSetup. I’m sure there will be various postings on the forum describing the exact steps.

NOTE. Even when code signed, your download can still be blocked until it has earned trust which I think is based on how many people have downloaded it. To avoid this problem you can purchase a more expensive EV Code Signing Certificate which normally comes with some kind of USB Dongle.

1 Like

It’s a good starting point. So I have to buy a yearly certificate, right? And then with the “signtool” I can sign my exe and installer too, right?

That’s correct.

1 Like
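The signing order described above (sign the application executable, build the installer, then sign the installer), as an added PowerShell example that is not part of the original thread. It assumes `signtool.exe` (Windows SDK) and `ISCC.exe` (Inno Setup's command-line compiler) are on PATH and that the certificate is in the current user's certificate store; all paths, file names, the thumbprint and the timestamp URL are placeholders.

```powershell
# Added example: every path, name and URL below is a placeholder.
$ErrorActionPreference = 'Stop'

$SignTool  = 'signtool.exe'                       # Windows SDK, assumed on PATH
$Iscc      = 'ISCC.exe'                           # Inno Setup compiler, assumed on PATH
$AppExe    = '.\Builds\MyApp\MyApp.exe'           # hypothetical Xojo build output
$IssScript = '.\installer\MyApp.iss'              # hypothetical Inno Setup script
$Installer = '.\installer\Output\MyAppSetup.exe'  # hypothetical installer output
$Thumb     = '<CERT-SHA1-THUMBPRINT>'             # selects the code signing certificate
$TsUrl     = '<RFC3161-TIMESTAMP-URL-FROM-YOUR-CA>'

function Invoke-Sign([string]$Path) {
    # /fd    file digest algorithm
    # /tr    RFC 3161 timestamp server, /td its digest algorithm
    # /sha1  pick the signing certificate by thumbprint
    & $SignTool sign /fd SHA256 /tr $TsUrl /td SHA256 /sha1 $Thumb $Path
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed for $Path" }
}

function Assert-Signed([string]$Path) {
    # Fail the build if the file is unsigned, the chain does not validate,
    # or the timestamp countersignature is missing.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { throw "$Path : signature status is $($sig.Status)" }
    if (-not $sig.TimeStamperCertificate) { throw "$Path : no timestamp countersignature" }
    "{0} signed by {1}" -f $Path, $sig.SignerCertificate.Subject
}

# 1. Sign the application executable before Inno Setup packages it.
Invoke-Sign $AppExe
Assert-Signed $AppExe

# 2. Build the installer from the already-signed executable.
& $Iscc $IssScript
if ($LASTEXITCODE -ne 0) { throw 'Inno Setup compile failed' }

# 3. Sign the installer that customers actually download and run.
Invoke-Sign $Installer
Assert-Signed $Installer
```

The timestamp check matters with a yearly certificate: a timestamped signature continues to validate after the certificate itself has expired.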

Heads up, EV certificates are not issued to individuals only companies.

1 Like

Sadly, you will find that you will have to.
I’ve been selling software to end users for 30 years, and it only gets harder every year.
All my stuff is code signed and notarised, and I get a question like this at least twice a week.
As soon as you sell to end users, you will find yourself having to diagnose every kind of problem they have with their machines.

1 Like

Thanks to all for now. You all make the situation a little bit more clear for me. So I’m going to buy the OV certificate (cheapest, for my projects I can’t spend 349$)…

I’ll let you know soon. I think I’ll have more doubts in the near future.

1 Like

If it’s any consolation, my Xojo tools suffer the same fate because I don’t have an EV cert. I have to explain Smart Screen at least once every month :frowning:

2 Likes

Terrible :frowning:

Time to make a company, I have an LLC now and though it’s just the two of us, it was enough to qualify for an EV cert. And the EV does stop Windows from screaming too much - it just shows the name of the company and lets you continue.

1 Like

I’m in the UK
I have a Limited company but it’s not apparently ‘good enough’ for the authorities. The paperwork they ask for is all American stuff, last time I looked.

1 Like

That sucks, maybe there’s a UK or EU-based company that might be more helpful?