locked
Windows Defender is giving a warning when Installing a validly signed App RRS feed

  • Question

  • Hey- We're using a regular code signing cert to sign all of our Windows software. We renewed our cert back in January 2020, but users are still getting Windows Defender and Smart Scan warnings that our software is untrusted. What is the specific threshold of installs that we need to meet in order for these warnings to disappear? (We can't use an EV code signing cert, as we perform code signing in CI, which doesn't have access to hardware tokens -- if anyone has a solution for using hardware tokens in CI, let me know!)

    Wednesday, April 22, 2020 11:30 PM

Answers

All replies

  • Hi,

    Thanks for posting here.

    I have some questions below:

    1. Which type of the software are you sign? Desktop, Driver, UWP or something else.

    2. Is there warnings before you renew the cert?

    3. Have you published the application?

    Applications that are signed with a standard code signing certificates need to have a positive reputation in order to pass the Smart Screen filter. Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application. 

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, April 23, 2020 8:53 AM
  • Hi, Thanks for the reply. We are signing MSI installers and exe's using a regular code signing cert. What is the specific reputation/number of unique installs that we need to reach? For one of our MSI installers, we've hit over 200k downloads from unique IP's since we renewed our code signing cert. Even if only 1/2 of these users did an install, that's 100k unique installs, so I'm surprised our users are still reporting SmartScreen and Defender warnings.

    "Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application."

    Does this mean that if we release a new version of an exe or MSI installer the reputation from the previous version will not transfer to the new version? So essentially we'll be starting from 0 every time we make a new release?

    We'd like to understand this process better. Thanks for your help!

    • Edited by mdeggies Thursday, April 23, 2020 6:00 PM
    Thursday, April 23, 2020 5:58 PM
  • Sorry, since this forum mainly discusses General Windows Desktop Development Issues, but this thread seems not a development issue. We may not be able to support this case. I will redirect this question, to get better support for you. Thanks for understanding.

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, April 24, 2020 2:13 AM
  • I'd try asking for help over here.

    https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, April 24, 2020 2:36 AM