Windows 10: SmartScreen warning on a exe file though it is signed by Digicert EV CS certificate

Discussion in 'AntiVirus, Firewalls and System Security' started by Prashanth Anantharaman, Jun 16, 2021.

  1. SmartScreen warning on a exe file though it is signed by Digicert EV CS certificate


    Hello Team, I have a customer who signed their exe file with DigiCert's EV CS (Extended Validation Code Signing) certificate a few days ago. However, when we either try to download the file through Microsoft Edge or install it, Microsoft Defender SmartScreen flags it as "Untrusted and harmful". I have checked the File Properties --> Digital Signatures --> View Certificate --> Details. Under Certificate Policy it has the Policy Identifier "2.23.140.1.3", which corresponds to EV Code Signing as per https://docs.microsoft.com/en-us/security/trusted-root/program-requirements So is th

    Prashanth Anantharaman, Jun 16, 2021
    #1
  2. Rob Koch Win User

    Defender/SmartScreen warning.

    I also recall reading that the use of an Extended Validation certificate may improve the reputation more quickly, but since this article is from the initial time of this change in 2012 I'm not certain how much of this is still applicable today.

    Along with higher cost, my understanding is that these certificates require a deeper vetting process to confirm a developer is who they claim to be, resulting in the gains discussed in the paragraph below.

    Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

    "Detractors may claim that SmartScreen is “forcing” developers to spend money on certificates. It should be stressed that EV code signing certificates are not required to build or maintain reputation with SmartScreen. Files signed with standard code signing certificates and even unsigned files continue to build reputation as they have since Application Reputation was introduced in IE9 last year. However, the presence of an EV code signing certificate is a strong indicator that the file was signed by an entity that has passed a rigorous validation process and was signed with hardware which allows our systems to establish reputation for that entity more quickly than unsigned or non-EV code signed programs."

    Rob
     
    Rob Koch, Jun 16, 2021
    #2
  3. jtraulle Win User
    Why Windows Defender SmartScreen does not show publisher name of a signed executable?

    I have purchased a Standard Code Signing certificate from Digicert and I do not understand why my executable, although signed with a certificate from a trusted CA is displayed as Unknown Publisher by Windows Defender SmartScreen.




    If I disable "Check applications and files" in "Control applications and browser" of the "Windows Defender Security Center" of Windows 10, my editor name appears correctly in the "Open File - Warning security"




    So, I'd really like to understand why the SmartScreen filter in Windows Defender still says Unknown Publisher.

    I understand that the SmartScreen filter is based on a reputation system and I do not question the actual display of the warning message (as my Code Signing certificate is not an EV one) but the fact that the name of the publisher is indicated as Unknown Publisher, whereas a valid signature is present.

    Any idea about that? Am I code signing the executable wrongly?
     
    jtraulle, Jun 16, 2021
    #3
  4. Rob Koch Win User


    Windows Defender is giving a warning when Installing a validly signed App.

    That's the normal message for any new application for several years now, since the app must develop a reputation by receiving a significant number (3,000+ I believe I've read in the past) of accepted downloads before that message can be bypassed even with a certificate.

    As this MSDN article from 2013 indicates in the following paragraphs, only an EV (Extended Validation) certificate will immediately establish reputation due to the more stringent developer validation that these require, as well as their higher cost for that process of course.

    Rob

    Windows SmartScreen prevented an unrecognized app from running. Running this app might put your PC at risk

    *P.S. The goal of the Application Reputation experience is to warn users, when appropriate, that a downloaded application has not yet established a reputation.

    Reputation is established by SmartScreen® service intelligence algorithms based on how an application is used by Windows and Internet Explorer users. Reputation may be based on the downloaded application or can also be assigned to the publisher based on digital certificate information. Only Authenticode Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish reputation. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Although not required, programs signed by an EV code signing certificate* can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals.

    At this time, both Symantec and DigiCert are offering EV code signing certificates as described in the blog Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates
     
    Rob Koch, Jun 16, 2021
    #4
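
The manual check described in post #1 (File Properties, Digital Signatures, Details, Certificate Policy) can be scripted. The following is an added example, not code from any poster in this thread; it assumes Windows PowerShell, and the function name `Test-EvCodeSignature` and the file name in the usage comment are hypothetical. It reports whether the Authenticode signature validates and whether the signer certificate carries the EV code signing policy identifier 2.23.140.1.3; it says nothing about the reputation SmartScreen has assigned to the file or publisher.

```powershell
# Added example (not from the thread). Windows only.
function Test-EvCodeSignature {
    param(
        [Parameter(Mandatory)]
        [string]$Path                       # file to inspect, supplied by the caller
    )

    $evOid       = '2.23.140.1.3'           # policy identifier quoted in post #1
    $policiesOid = '2.5.29.32'              # X.509 certificatePolicies extension

    # Status is 'Valid' only if the hash matches and the chain is trusted.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate          # $null for an unsigned file

    # Render the certificatePolicies extension as text, the same view
    # the certificate "Details" tab shows.
    $policyText = ''
    if ($cert) {
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $policiesOid }
        if ($ext) { $policyText = $ext.Format($true) }
    }

    # Match the OID as a whole token so a longer OID that merely
    # starts with the same digits does not count as EV.
    $pattern = '(?<![\d.])' + [regex]::Escape($evOid) + '(?![\d.])'
    $isEv    = $policyText -match $pattern

    # Property access on a $null certificate yields $null (non-strict mode),
    # so unsigned files produce empty signer fields rather than an error.
    [pscustomobject]@{
        File            = $Path
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        HasEvPolicyOid  = $isEv
        Timestamped     = [bool]$sig.TimeStamperCertificate
    }
}

# Usage (hypothetical file name):
# Test-EvCodeSignature -Path .\setup.exe | Format-List
```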