False positives and unidentified developers

Hi all,

This is more of a general question about code signing, which I think is the solution to all of this. Over half of the emails I get from customers are about installers being recognized as malware or macOS not wanting to run the installer due to it being from an “unidentified developer”. For Apple, I suppose the solution is to enroll in the 99$/year developer program (about which any resources would be greatly appreciated as well). As for Windows, I have contacted all of the antivirus companies that have falsely flagged the installers, but this seems to be a slow process, and they don’t guarantee that they will remove the flag, even if the installer is clean. Furthermore, when I upload a new version of any of my plugins, the hash changes, and they flag it again. I know that code signing should be the solution for this as well, but I don’t quite know where shold I get the cetificate, how to sing the intaller (or the plugin?) etc. If anyone is willing to take the time to explain this process for me, I would be eternally grateful.

1 Like

@Aapo I hope I’m not missing the point behind your question (!), but why not simply distribute your plug-ins through the official app stores (i.e. the Apple store, and the Microsoft store)? That would probably resolve a lot of “trust” issues from customers.

Hoping this suggestion helps, anyhow.

Best wishes, Pete

Hi Pete,

Thanks for the response, I really appreciate it. Distributing audio plugins through the Microsoft Store and the App Store isn’t really a thing (as far as I know). I am not having trust issues by customers, but having to skip through warnings or disable anti virus software just to get the product installed isn’t really ideal.

1 Like

Hi @Aapo,

Glad you found it of some use!

Apple store - totally a thing. Distribute your AUv3 on the app store as an app extension - for iOS and/or macOS.

Microsoft store - totally a thing. Distribute your VST3 on the Microsoft store via a UWP wrapper application (that installs the VST3 on run-up, or via the menu, or some such).

For proof that this works :slight_smile: and isn’t just hyperbole please simply check-out the Free version of Wotja on both app stores. Both are JUCE apps with JUCE plug-ins.

Best wishes, Pete

See also this post https://forum.juce.com/t/juce-avoiding-lnk1248-structuring-windows-builds/52049 for tips on configuring Windows projects when using JUCE.


Thanks for the great info. However, I have great sales channels right now and I am sure that there is a way to get rid of the malware false positives without moving entitely to Windows Store or the App Store. I still really appreciate your time, Pete.

1 Like