We are developers, and we have a digitally signed application installer. When we install this application, the SmartScreen prompt pops up, which affects the installation experience. It says:
Windows protected your PC
Windows SmartScreen prevented an unrecognized app from starting,
Running this app might put your PC at risk.
I think Microsoft has some strategy to verify the application besides the digital signature. Has anyone had experience with this issue? Please give me some clue to fix it.
If you signed the installer with a certificate purchased from a CA, you are supposed to contact the CA for an explanation of why they failed to work with Microsoft to get rid of this warning.
If the certificate is not from a CA, but a self-signed certificate, you will have to resort to a CA.
Microsoft has already published most of the information on its Windows team blog:
https://blogs.msdn.microsoft.com/ie/2012/08/14/microsoft-smartscreen-extended-validation-ev-code-signing-certificates/
Windows 8 Applications are required to pass the Windows Store developer onboarding and application review process. Windows 8 applications are not in scope for SmartScreen application reputation checks or warnings in Windows 8.
Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Although not required, programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals. Only Authenticode Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish reputation.
At this time, Symantec and DigiCert are offering EV code signing certificates.
Distributing code detected as malicious will remove the reputation from a file and also any reputation from the associated digital certificate – even if signed with an EV code signing certificate.
Learn more about these programs here:
Windows 8 Desktop App Certification (required for Windows Store submissions)
Windows Logo Program
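
An added example, not part of the original thread: a PowerShell check of the certificate properties the answer and the quoted blog text distinguish (signed or not, self-signed versus CA-issued, EV policy). The function name `Get-InstallerSigningReport` and the path `.\setup.exe` are hypothetical, and EV detection assumes the CA marks its EV code signing certificates with the CA/Browser Forum policy OID 2.23.140.1.3. It reads only the local signature; it does not query SmartScreen reputation.

```powershell
# Added example (not from the thread). Function name and path are hypothetical.
function Get-InstallerSigningReport {
    param([Parameter(Mandatory)][string]$Path)

    # Read the Authenticode signature; stop if the file cannot be read.
    $sig  = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) {
        # The file carries no Authenticode signature at all.
        return [pscustomobject]@{ File = $Path; Signed = $false; Status = $sig.Status }
    }

    # The Certificate Policies extension has OID 2.5.29.32.
    # Assumption: EV code signing certificates carry policy OID 2.23.140.1.3.
    $policyExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
    $policyText = if ($policyExt) { $policyExt.Format($false) } else { '' }
    $isEv       = $policyText -match '(^|[^0-9.])2\.23\.140\.1\.3([^0-9.]|$)'

    [pscustomobject]@{
        File        = $Path
        Signed      = $true
        Status      = $sig.Status     # Valid = chain ends in a root trusted on this machine
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        EvPolicy    = $isEv
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
    }
}

# Usage with a placeholder path; replace with the real installer.
Get-InstallerSigningReport -Path '.\setup.exe' | Format-List
```

A `Status` of `Valid` only shows that the chain ends in a root trusted on the machine running the check, which can include locally added roots, so run it on a clean machine when checking a CA-issued certificate.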