Windows 10: Maintain trust of SmartScreen as you move from EV to Regular Code Sign

Discussion in 'Windows 10 Gaming' started by StanSolSK, May 18, 2022.

  1. StanSolSK Win User

    Maintain trust of SmartScreen as you move from EV to Regular Code Sign


    Our company is releasing a desktop application and wants to move from EV Code Signing HW to Regular Code Signing SW. Is there any way to maintain trust of Microsoft SmartScreen filter and avoid building reputation by downloading/installing the app organically? Thank you.

    :)
     
    StanSolSK, May 18, 2022
    #1
  2. Rob Koch Win User

    Defender/SmartScreen warning.

    I also recall reading that the use of an Extended Validation certificate may improve the reputation more quickly, but since this article is from the initial time of this change in 2012 I'm not certain how much of this is still applicable today.

    Along with higher cost, my understanding is that these certificates require a deeper vetting process to confirm a developer is who they claim to be, resulting in the gains discussed in the paragraph below.

    Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

    "Detractors may claim that SmartScreen is “forcing” developers to spend money on certificates. It should be stressed that EV code signing certificates are not required to build or maintain reputation with SmartScreen. Files signed with standard code signing certificates and even unsigned files continue to build reputation as they have since Application Reputation was introduced in IE9 last year. However, the presence of an EV code signing certificate is a strong indicator that the file was signed by an entity that has passed a rigorous validation process and was signed with hardware which allows our systems to establish reputation for that entity more quickly than unsigned or non-EV code signed programs."

    Rob
     
    Rob Koch, May 18, 2022
    #2
  3. Discord Voice App: Is It Safe?

    EV Code Signing Certificates | DigiCert.com

     
    TairikuOkami, May 18, 2022
    #3
  4. jtraulle Win User

    Maintain trust of SmartScreen as you move from EV to Regular Code Sign

    Why Windows Defender SmartScreen does not show publisher name of a signed executable?

    I have purchased a Standard Code Signing certificate from Digicert and I do not understand why my executable, although signed with a certificate from a trusted CA is displayed as Unknown Publisher by Windows Defender SmartScreen.


    [Image: Z4A3v.png]


    If I disable "Check applications and files" in "Control applications and browser" of the "Windows Defender Security Center" of Windows 10, my editor name appears correctly in the "Open File - Warning security".


    [Image: cN17d.png]


    So, I'd really like to understand why the SmartScreen filter in Windows Defender still says Unknown Publisher.

    I understand that the SmartScreen filter is based on a reputation system and I do not question the actual display of the warning message (as my Code Signing certificate is not an EV one) but the fact that the name of the publisher is indicated as Unknown Publisher, whereas a valid signature is present.

    Any idea about that? Am I code signing the executable wrongly?
     
    jtraulle, May 18, 2022
    #4
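
One way to check the last question above, whether the executable is signed correctly, shown as an added example that is not part of the original thread. It verifies the Authenticode signature and reports whether the signing certificate carries the CA/Browser Forum EV or standard code signing policy OID; it does not query SmartScreen reputation. The file path is a placeholder, and the script assumes Windows renders the policy identifier as a dotted OID.

```powershell
# Added example: inspect the Authenticode signature of a built executable.
# '.\MyApp-Setup.exe' is a placeholder path; pass your own file with -Path.
param([string]$Path = '.\MyApp-Setup.exe')

# CA/Browser Forum certificate policy OIDs for code signing certificates.
$EvPolicyOid       = '2.23.140.1.3'     # Extended Validation code signing
$StandardPolicyOid = '2.23.140.1.4.1'   # non-EV (standard) code signing

function Get-CertPolicyOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # The Certificate Policies extension has OID 2.5.29.32.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
    if (-not $ext) { return @() }
    # Assumption: Format() prints each policy as a dotted OID, so collect those.
    [regex]::Matches($ext.Format($true), '\b\d+(\.\d+){3,}\b') |
        ForEach-Object { $_.Value } | Sort-Object -Unique
}

$sig    = Get-AuthenticodeSignature -FilePath $Path
$signer = $sig.SignerCertificate
$oids   = if ($signer) { Get-CertPolicyOids $signer } else { @() }

$certType = if     ($oids -contains $EvPolicyOid)       { 'EV code signing' }
            elseif ($oids -contains $StandardPolicyOid) { 'Standard code signing' }
            elseif ($signer)                            { 'No CA/B Forum code signing policy found' }
            else                                        { 'Not signed' }

[pscustomobject]@{
    File          = $sig.Path
    Status        = $sig.Status          # 'Valid' = file hash and certificate chain verified
    StatusMessage = $sig.StatusMessage
    Publisher     = if ($signer) { $signer.GetNameInfo('SimpleName', $false) } else { $null }
    Thumbprint    = if ($signer) { $signer.Thumbprint } else { $null }
    CertExpires   = if ($signer) { $signer.NotAfter } else { $null }
    # Without a timestamp the signature stops validating once the certificate expires.
    Timestamped   = [bool]$sig.TimeStamperCertificate
    CertType      = $certType
    PolicyOids    = $oids -join ', '
} | Format-List
```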