How to avoid the "Windows Defender SmartScreen prevented an unrecognized app from starting warning"
My company distributes an installer to customers via our website. Recently when I download via the website and try to run the installer I get the warning message:
Windows protected your PC
Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
If I right-click on the installer and choose Properties I note the following:
Our installer is signed.
How do I find the reason for the Windows Defender SmartScreen warning?
I have not managed to find any log file for Windows Defender nor found anything in the Event Viewer.
If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows us to skip this period of trust-building. According to Microsoft, extended validation certificates will enable the developer to immediately establish a reputation with SmartScreen. Otherwise, the users will see a warning like "Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.", with the two buttons: "Run anyway" and "Don't run".
Another Microsoft resource states the following (quote): "Although not required, programs signed by an EV code signing certificate can immediately establish a reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals."
My experience is as follows. Since 2005, we have been using regular (non-EV) code signing certificates to sign .MSI, .EXE and .DLL files with timestamps, and there has never been a problem with SmartScreen until 2018, when there was just one case when it took 3 days for a beta version of our application to build trust since we have released it to beta testers. It was in the middle of the certificate validity period. I don't know what SmartScreen might not like in that specific version of our application, but there have been no SmartScreen complaints since then. Therefore, if your certificate is a non-EV, it is a signed application (such as an .MSI file) that will build trust over time, not a certificate. For example, a certificate can be issued a few months ago and used to sign many files, but for each signed file you publish, it may take a few days for SmartScreen to stop complaining about the file after publishing, as was in our case in 2018.
We didn't submit our software to Microsoft malware analysis. Microsoft started to provide this service in 2017. It may be a viable alternative to an Extended Validation (EV) certificate.
In conclusion, to avoid the warning altogether, i.e., prevent it from happening even suddenly, you need an Extended Validation (EV) code signing certificate, and/or, you can submit your software to Microsoft malware analysis.
- Find Task-Manager Description Column from CMD?
- How do I find out which process is listening on a TCP or UDP port on Windows?
- WINMAIN and main() in C++ (Extended)
- How to install ripgrep on Windows?
- CryptographicException: Access denied - How to give access on User store?
- How to set the UDP packet reassembly timeout in Windows 10
- Unable to create Symlink - cannot create a file when that file already exists
- How can I open a cmd window in a specific location?
- When running flutter app on window it show following error
- Can I use NotifyIcon in WPF?
- Python: How to open a folder on Windows Explorer(Python 3.6.2, Windows 10)
- ANSI In Terminal (Windows 10)
- How to get "valid data length" of a file?
- Check CMake version using python
- How do I update golang from command prompt on Windows?
- in powershell, set affinity in start-process
- Crypto++ library link error using Visual Studio 2017
- Limit python script RAM usage in Windows
- Powershell script throws error (80040154 Class not registered) only when it is executed from codedeploy, Why?
- How to change default scheduled task process priority in Windows
- How can I tile horizontally certain windows programmatically?
- C# get good color for label
- install gitlab on Windows with Docker
- Faking an RS232 Serial Port
- Rename all files in a directory with a Windows batch script
- An attempt was made to load a program with an incorrect format. VS2022 Service-based database
- How to set adminstrator privilege using manifest for Windows 10?
- Is it possible to modify a registry entry via a .bat/.cmd script?
- Quasar dev PSSecurityException
- How do I add a gzip command to Windows CMD?