Stregor 0 Posted May 21, 2021 Hi guys, My old Code Signing certificate (trusted by Smart Screen) was expired. I bought the new one (from Comodo/Sectigo), and with it i bought a problems with Windows Smart Screen. In Win10 and in Edge browser my customers see, that my software installer is a risky and can potentially damage computer. Discourage :( My company has no many customers. So rebuild trust will take a lot of time. Is a way to speed up that process? Submit a file for malware analysis - Microsoft Security Intelligence is a correct way or maybe exists different, better way? Share this post Link to post
Keesver 23 Posted May 22, 2021 (edited) We are using EV (extended validation) code signing certificates to add trust, this should prevent Windows from asking additional confirmation when installing our software. In addition, when the certificate is renewed, trust statistics are kept because the new certificate is recognized as being the same as the 'old' one. Requesting such a certificate requires extra steps during the certification process. (I can send you an installation url if you want to see how this works out) Edited May 22, 2021 by Keesver Share this post Link to post
Angus Robertson 577 Posted May 22, 2021 I offer zip and exe downloads of my application installers, Firefox is happy with both, Edge moans about the exe which is signed with a Sectigo certificate, but the Keep option allows it to be downloaded OK. Windows 10 itself allows exe files signed by Sectigo to be opened and run without any warning dialogs. I thought most Windows users were aware that Nanny Microsoft is overly cautious about download warnings and know how to ignore them. The only download problem I've had was when Google scanned some Delphi component downloads on my site and decided one was malicious, never told me which but possibly an OpenSSL DLL, that caused my domain to be blocked by all browsers including Firefox, only solution was to hide all such files with a password. Angus Share this post Link to post
Guest Posted May 23, 2021 I do not do the same but... my clients' IT-departments (various) do the requests and mail me the result. I put the certs into my server(s). During the years, i have had more problems with the clients' that use comodo/sectigo compared to the other clients. If that helps at all... Share this post Link to post