Windows 10: EV Code Signing Certificate and MS Defender

Discus and support EV Code Signing Certificate and MS Defender in AntiVirus, Firewalls and System Security to solve the problem; Hello I understand that applying an EV Code Signing Certificate to an exe file will overcome the screening by Windows Defender and other anti virus... Discussion in 'AntiVirus, Firewalls and System Security' started by PaulM_63, Aug 4, 2019.

  1. PaulM_63 Win User

    EV Code Signing Certificate and MS Defender


    Hello

    I understand that applying an EV Code Signing Certificate to an exe file will overcome the screening by Windows Defender and other anti virus software. Is this so? Are there any traps?

    Thanks

    :)
     
    PaulM_63, Aug 4, 2019
    #1
  2. jtraulle Win User

    Why Windows Defender SmartScreen does not show publisher name of a signed executable?

    I have purchased a Standard Code Signing certificate from Digicert and I do not understand why my executable, although signed with a certificate from a trusted CA is displayed as Unknown Publisher by Windows Defender SmartScreen.


    EV Code Signing Certificate and MS Defender Z4A3v.png


    If I disable "Check applications and files" in "Control applications and browser" of the "Windows Defender Security Center" of Windows 10, my editor name appears correctly in the "Open File - Warning security"


    EV Code Signing Certificate and MS Defender cN17d.png


    So, I'd really like to understand why the SmartScreen filter in Windows Defender still says Unknown Publisher.

    I understand that the SmartScreen filter is based on a reputation system and I do not question the actual display of the warning message (as my Code Signing certificate is not an EV one) but the fact that the name of the publisher is indicated as Unknown Publisher, whereas a valid signature is present.

    Any idea about that? I am code signing wrongly the executable?
     
    jtraulle, Aug 4, 2019
    #2
  3. Rob Koch Win User
    Defender/SmartScreen warning.

    I also recall reading that the use of an Extended Validation certificate may improve the reputation more quickly, but since this article is from the initial time of this change in 2012 I'm not certain how much of this is still applicable today.

    Along with higher cost, my understanding is that these certificates require a deeper vetting process to confirm a developer are who they claim to be, resulting in the gains discussed in the paragraph below.

    Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

    "Detractors may claim that SmartScreen is “forcing” developers to spend money on

    certificates. It should be stressed that EV code signing certificates are not required

    to build or maintain reputation with SmartScreen. Files signed with standard code

    signing certificates and even unsigned files continue to build reputation as they

    have since Application Reputation was introduced in IE9 last year. However, the

    presence of an EV code signing certificate is a strong indicator that the file was

    signed by an entity that has passed a rigorous validation process and was signed

    with hardware which allows our systems to establish reputation for that entity more

    quickly than unsigned or non-EV code signed programs."

    Rob
     
    Rob Koch, Aug 4, 2019
    #3
Thema:

EV Code Signing Certificate and MS Defender

Loading...
  1. EV Code Signing Certificate and MS Defender - Similar Threads - Code Signing Certificate

  2. I'm signed into my MS account but Xbox sign in gives me error code 1170000

    in Windows 10 Customization
    I'm signed into my MS account but Xbox sign in gives me error code 1170000: EDIT: Never mind. I signed out of Xbox on the console and signed back in and my game was available again, so that was the solution for me. Please disregard the following: Today, MS updated my pc to v 1903 and I can no longer access Xbox. I tried all the remedies...
  3. Sign in computer code

    in User Accounts and Family Safety
    Sign in computer code: I am running on W10 Version 1903 Build 18356.16. I want to change the computer sign in code I have when I start it. What part of settings is it located. Thanks 129340
  4. Secure Credentials with Self-Signed Certificates for PowerShell Script

    in Windows 10 News
    Secure Credentials with Self-Signed Certificates for PowerShell Script: Hello everyone, I’m Preston K. Parsard, specializing in Platforms, Azure Infrastructure and Automation topics, and I’d like to share some insights for securing PowerShell credentials using certificates. This post is based on a recent customer project, but we’ll also wrap a...
  5. Sign in with QR code

    in User Accounts and Family Safety
    Sign in with QR code: Is it possible to sign in to your windows with only scanning QR code from your phone as trusted device? 117570
  6. Sign in with QR code

    in Windows 10 Support
    Sign in with QR code: Is it possible to sign in to your windows with only scanning QR code from your phone as trusted device? 117570
  7. MS Edge: Website Certificate Errors

    in Browsers and Email
    MS Edge: Website Certificate Errors: My problem is I find MS Edge does not always react the same to sites that appear to have website certificate error problems. The following two url's are basically for the same site, due to a change in the name of the government department at some or other stage. Daily...
  8. MS Edge Problem with website security certificate

    in Browsers and Email
    MS Edge Problem with website security certificate: Just recently Edge has been giving me an error message stating "There is a problem with this site's security certificate" when I try to log onto my work site remotely. I know the site well, have spoken to their IT department and have been assured the certificate is up to...
  9. How to sing documents? Digital sign or certificate free

    in Windows 10 Software and Apps
    How to sing documents? Digital sign or certificate free: As i say i am wirter and like to sing my documents whith digital sing ¿Are a free alternative to sing documents? 105400
  10. How to sign Powershell profile w/ self-signed certificate?

    in Windows 10 Support
    How to sign Powershell profile w/ self-signed certificate?: About self-signing drivers: check in with Fernando (Dieter, the owner/operator) at Win-RAID.com. He's been doing that for years because of all the driver mods he posts on his site. Once you load his certificate, you can also load and use any of his drivers. It's a fair amount...