We built a new version of our software. The file is signed, but Windows SmartScreen still shows this message:
https://i.imgur.com/EQco9m9.png
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
What does SmartScreen require to not show this message?
Thank you
This occurs because you’re using a non-EV code signing certificate. Any executable that is signed with such a certificate has to be launched on a minimum number of separate computers in order to earn trust. Microsoft does not publish the value of this minimum number.
You can either wait for enough people to trust and run your application, submit it for manual review at the MS site (I’ll try to find the link again), or purchase an EV certificate instead of an ordinary code signing certificate.
And it happens for each new version… The new Edge browser has a built-in function that allows you to report the downloaded file as not harmful.
People launch malicious apps all the time and have no idea. Does the x number of runs in order to be safe sound like a good requirement?
There are requirements for SmartScreen. If it’s signed, I think it still needs at least 100 runs (possibly on different machines) to be considered safe. You can find the conditions online if you look for them.
I don’t believe 100 runs is documented, and I wouldn’t be surprised if there isn’t a fixed number.
For my unsigned app it took close to ~50k for it to disappear :'(
You can either buy an EV certificate, or you can have enough computers vouch for the non-maliciousness.
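One way to confirm which kind of certificate actually signed a build, as an added example that is not from any poster in this thread: it reads the file's Authenticode signature and reports whether the signer certificate carries the CA/Browser Forum EV code signing policy OID (2.23.140.1.3). The script parameter and the function name `Get-SignatureSummary` are hypothetical; the SmartScreen reputation decision itself is made by Microsoft's service and is not visible to this check.

```powershell
# Added example: summarize the Authenticode signature of a build artifact.
param(
    [Parameter(Mandatory)]
    [string]$Path   # path to the signed file, e.g. a placeholder like .\Setup.exe
)

# CA/Browser Forum policy OID that marks an EV code signing certificate.
$EvCodeSigningOid = '2.23.140.1.3'

function Get-SignatureSummary {
    param([string]$FilePath)

    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $cert = $sig.SignerCertificate   # $null when the file is unsigned

    $isEv = $false
    if ($cert) {
        # 2.5.29.32 is the X.509 Certificate Policies extension.
        $policies = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
        if ($policies) {
            # Format() renders the policy identifiers as text; match the exact
            # OID so that a longer OID sharing this prefix does not count.
            $text    = $policies.Format($true)
            $pattern = '(?<![\d.])' + [regex]::Escape($EvCodeSigningOid) + '(?![\d.])'
            $isEv    = $text -match $pattern
        }
    }

    [pscustomobject]@{
        File        = $FilePath
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        # A countersigned timestamp keeps the signature verifiable after
        # the signing certificate expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        EvPolicy    = $isEv
    }
}

Get-SignatureSummary -FilePath $Path
```

A `Status` other than `Valid` means the signature itself needs fixing before reputation is worth looking at.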