windowswindows-installersmartscreen

How to get Windows' Smart Screen to trust my Installer?


I'm trying to deploy and distribute a C++ app on Windows.

I've managed to create an MSI installer with Visual Studio (with the Microsoft Visual Studio Installer Project extension). When I run it on my computer, everything is fine. But if I run it on someone's else computer, Windows Defender displays a SmartScreen warning:

image

We are still in beta, so we don't have a lot of money or any certificates, but we want to make the beta available without this warning to allow users to test the product and give us feedback (we want to setup a build-measure-learn method).

I've seen that I can use EV certificates to remove this warning (but they are too expensive, so it's not an option).

How can I remove this warning for every user who downloads my installer from my website (without any cost, if possible)?


Solution

  • You need an officially code sign or and code sign EV certificate, it will cost some money, and sign with signtool or build events your output (dll, msi, exe) with that certificates. Then your setup, is from a known publisher (you / your brand).

    You can use a self-signed cert, but then you need to install the cert on every machine ... that use case is useful for "internal" usage. In your case, when you offer a download from your Website, you need to inform the user, that you used a self-sign cert and you can offer the CA of your cert and ask the user to install it ... or you just mention that the cert is self-signed and share the Fingerprints / MD5 Hashes so your customers can verify the content on there own.