Answered by:
Windows Defender is giving a warning when Installing a validly signed App

Question
-
Hey- We're using a regular code signing cert to sign all of our Windows software. We renewed our cert back in January 2020, but users are still getting Windows Defender and Smart Scan warnings that our software is untrusted. What is the specific threshold of installs that we need to meet in order for these warnings to disappear? (We can't use an EV code signing cert, as we perform code signing in CI, which doesn't have access to hardware tokens -- if anyone has a solution for using hardware tokens in CI, let me know!)
- Moved by Drake_WuMicrosoft contingent staff Friday, April 24, 2020 2:13 AM
Wednesday, April 22, 2020 11:30 PM
Answers
-
I'd try asking for help over here.
https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Friday, April 24, 2020 6:27 AM
- Marked as answer by Dave PatrickMVP Thursday, May 7, 2020 1:30 PM
Friday, April 24, 2020 2:36 AM
All replies
-
Hi,
Thanks for posting here.
I have some questions below:
1. Which type of the software are you sign? Desktop, Driver, UWP or something else.
2. Is there warnings before you renew the cert?
3. Have you published the application?
Applications that are signed with a standard code signing certificates need to have a positive reputation in order to pass the Smart Screen filter. Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application.
Best Regards,
Drake
MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Thursday, April 23, 2020 8:53 AM -
Hi, Thanks for the reply. We are signing MSI installers and exe's using a regular code signing cert. What is the specific reputation/number of unique installs that we need to reach? For one of our MSI installers, we've hit over 200k downloads from unique IP's since we renewed our code signing cert. Even if only 1/2 of these users did an install, that's 100k unique installs, so I'm surprised our users are still reporting SmartScreen and Defender warnings.
"Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application."
Does this mean that if we release a new version of an exe or MSI installer the reputation from the previous version will not transfer to the new version? So essentially we'll be starting from 0 every time we make a new release?
We'd like to understand this process better. Thanks for your help!
- Edited by mdeggies Thursday, April 23, 2020 6:00 PM
Thursday, April 23, 2020 5:58 PM -
Sorry, since this forum mainly discusses General Windows Desktop Development Issues, but this thread seems not a development issue. We may not be able to support this case. I will redirect this question, to get better support for you. Thanks for understanding.
Best Regards,
Drake
MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Friday, April 24, 2020 2:13 AM -
I'd try asking for help over here.
https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Friday, April 24, 2020 6:27 AM
- Marked as answer by Dave PatrickMVP Thursday, May 7, 2020 1:30 PM
Friday, April 24, 2020 2:36 AM