Windows 10: EV Code Signing Certificate and MS Defender

Hello

I understand that applying an EV Code Signing Certificate to an exe file will overcome the screening by Windows Defender and other anti virus software. Is this so? Are there any traps?

Thanks

:)

 

Why Windows Defender SmartScreen does not show publisher name of a signed executable?

I have purchased a Standard Code Signing certificate from Digicert and I do not understand why my executable, although signed with a certificate from a trusted CA is displayed as Unknown Publisher by Windows Defender SmartScreen.





If I disable "Check applications and files" in "Control applications and browser" of the "Windows Defender Security Center" of Windows 10, my editor name appears correctly in the "Open File - Warning security"





So, I'd really like to understand why the SmartScreen filter in Windows Defender still says Unknown Publisher.

I understand that the SmartScreen filter is based on a reputation system and I do not question the actual display of the warning message (as my Code Signing certificate is not an EV one) but the fact that the name of the publisher is indicated as Unknown Publisher, whereas a valid signature is present.

Any idea about that? I am code signing wrongly the executable?

 

Defender/SmartScreen warning.

I also recall reading that the use of an Extended Validation certificate may improve the reputation more quickly, but since this article is from the initial time of this change in 2012 I'm not certain how much of this is still applicable today.

Along with higher cost, my understanding is that these certificates require a deeper vetting process to confirm a developer are who they claim to be, resulting in the gains discussed in the paragraph below.

Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

"Detractors may claim that SmartScreen is “forcing” developers to spend money on

certificates. It should be stressed that EV code signing certificates are not required

to build or maintain reputation with SmartScreen. Files signed with standard code

signing certificates and even unsigned files continue to build reputation as they

have since Application Reputation was introduced in IE9 last year. However, the

presence of an EV code signing certificate is a strong indicator that the file was

signed by an entity that has passed a rigorous validation process and was signed

with hardware which allows our systems to establish reputation for that entity more

quickly than unsigned or non-EV code signed programs."

Rob