Windows defender blocking signed apps

SeanPress 206 Reputation points
2024-11-06T20:40:52.93+00:00

Hi,

I have created some windows forms apps, the apps are all signed with a Sectigo code signing certificate but when I download them from my own website, I initially get the windows defender warning that the app has been blocked for my protection, once I select the install anyway option, I get the unknown publisher warning before it will install. I’ve paid a lot of money for a reputable code signing certificate, why does windows still do this & what do I need to do so that my website users don’t suffer these issues?

Sean

Windows Forms
Windows Forms
A set of .NET Framework managed libraries for developing graphical user interfaces.
1,905 questions
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,561 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Yanhong Liu 13,345 Reputation points Microsoft Vendor
    2024-11-08T02:38:07.42+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Here's a detailed explanation and some steps you can take to mitigate these issues:

    Windows Defender Warning: This warning appears when Windows Defender, the built-in antimalware software in Windows, detects potential security risks associated with the downloaded file. Even if the file is signed, Windows

    Defender may still flag it if it has characteristics similar to known malware or if it's from a publisher not yet trusted by Windows Defender's reputation system.

    This warning appears during installation if the digital signature on the application cannot be verified or if the publisher is not recognized by Windows as a trusted entity. Even with a reputable code signing certificate, this warning may still appear if the certificate is not yet widely trusted or if there are issues with the certificate's chain of trust.

    Steps to Mitigate the Issues

    Ensure Certificate Validity:

    Verify that your Sectigo code signing certificate is valid, up-to-date, and not expired.

    Ensure that the certificate is correctly associated with your company's identity and that all necessary validation steps have been completed.

    EV Code Signing Certificate:

    Consider upgrading to an EV (Extended Validation) code signing certificate. EV certificates provide a higher level of trust and can eliminate warnings from Windows Defender SmartScreen and other security features.

    EV certificates require a more rigorous validation process, including verification of the applicant's legal existence and identity.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.