Hello,
Thank you for posting in Q&A forum.
Here's a detailed explanation and some steps you can take to mitigate these issues:
Windows Defender Warning: This warning appears when Windows Defender, the built-in antimalware software in Windows, detects potential security risks associated with the downloaded file. Even if the file is signed, Windows
Defender may still flag it if it has characteristics similar to known malware or if it's from a publisher not yet trusted by Windows Defender's reputation system.
This warning appears during installation if the digital signature on the application cannot be verified or if the publisher is not recognized by Windows as a trusted entity. Even with a reputable code signing certificate, this warning may still appear if the certificate is not yet widely trusted or if there are issues with the certificate's chain of trust.
Steps to Mitigate the Issues
Ensure Certificate Validity:
Verify that your Sectigo code signing certificate is valid, up-to-date, and not expired.
Ensure that the certificate is correctly associated with your company's identity and that all necessary validation steps have been completed.
EV Code Signing Certificate:
Consider upgrading to an EV (Extended Validation) code signing certificate. EV certificates provide a higher level of trust and can eliminate warnings from Windows Defender SmartScreen and other security features.
EV certificates require a more rigorous validation process, including verification of the applicant's legal existence and identity.
I hope the information above is helpful.
Best Regards,
Yanhong Liu
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.