Jump to content

SmartScreen troubles

Recommended Posts

Hi guys,

My old Code Signing certificate (trusted by Smart Screen) was expired. I bought the new one (from Comodo/Sectigo), and with it i bought a problems with Windows Smart Screen. In Win10 and in Edge browser my customers see, that my software installer is a risky and can potentially damage computer. Discourage :(

My company has no many customers. So rebuild trust will take a lot of time.


Is a way to speed up that process? Submit a file for malware analysis - Microsoft Security Intelligence is a correct way or maybe exists different, better way?

Share this post

Link to post
Posted (edited)

We are using EV (extended validation) code signing certificates to add trust, this should prevent Windows from asking additional confirmation when installing our software. In addition, when the certificate is renewed, trust statistics are kept because the new certificate is recognized as being the same as the 'old' one. Requesting such a certificate requires extra steps during the certification process.
(I can send you an installation url if you want to see how this works out)

Edited by Keesver
  • Like 1

Share this post

Link to post

I offer zip and exe downloads of my application installers, Firefox is happy with both, Edge moans about the exe which is signed with a Sectigo certificate, but the Keep option allows it to be downloaded OK.  Windows 10 itself allows exe files signed by Sectigo to be opened and run without any warning dialogs. 


I thought most Windows users were aware that Nanny Microsoft is overly cautious about download warnings and know how to ignore them. 


The only download problem I've had was when Google scanned some Delphi component downloads on my site and decided one was malicious, never told me which but possibly an OpenSSL DLL, that caused my domain to be blocked by all browsers including Firefox, only solution was to hide all such files with a password. 




Share this post

Link to post

I do not do the same but... my clients' IT-departments (various) do the requests and mail me the result. I put the certs into my server(s).

During the years, i have had more problems with the clients' that use comodo/sectigo compared to the other clients.

If that helps at all...

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now