Windows Smart Defender Plugin Exe

Hey Fellow Devs,

We’ve launched a small plugin app. Pretty basic setup, but packaged in innosetup, and the .exe signed with a cert obtained via a sectigo reseller.

The exe is hosted on amazon s3, and distributed through an expiring s3 URL.

It seems even through all of this, windows smart defender is blocking downloads on windows machines. Seems we’ve done everything correctly on our end – does anyone have an idea on how to assess / prevent this issue?

It’s not a good look!

J

So, the issue is not the executable but the URL?

Are you using HTTPS? If so, is your cert for your URL valid/up to date?

Hey @jrlanglois thanks for the response,

So when you create an expirable URL with the amazon s3 SDK, it does indeed generate https – and our server is running on heroku which is using the auto managed SSL certs.

Totally scratching my head on this one… submitted it to Microsoft for review and it came back as clean but still happening :thinking:

What type of cert did you get? I believe there are multiple ‘levels’, the cheaper one is strange in that it doesn’t just ‘work’ when you start using it. Some sort of ‘number of downloads’ or something needs to happen before it starts being recognized. We went through this at work, and had to update to the more expensive one to have immediate cert recognition. Be aware, I am talking about this from a very unknowledgeable perspective, only arising from observing our process.

2 Likes

We recently experienced Smartscreen alerts too even though we were already using pretty expensive code signing certificates with no troubles at all. Had an enlightening talk with a Microsoft employee after we submitted our installer to report false detection: Smartscreen and/or Defender use a notoriety score associated with every encountered code signing certificate’s thumbprint. When releasing new binaries signed with a fresh new certificate, it may take some time before it gains decent notoriety. Sometimes, with bad luck, the false-detection/yet-unknown-cert combo will trigger Smartscreen alerts. With relatively low impact, in our case, based on our estimation. As long as you submitted your file, this should be fixed quickly.

2 Likes

Thanks – it appears we got unlucky, I’ve submitted it for review with MS and it came back clean a few days ago – still facing the issues though.

Kicking myself for not getting an EV cert!

And when you will renew your certificate in a few years, it will be the same circus again as you’ll loose all your ‘notoriety score’ in the process…

Just post a message next to your download explaining that smartscreen sucks and that users should just disregard its warning.

1 Like

Totally –

The most infuriating part is I keep getting messages from Microsoft – this software has passed requirements and users should no longer see this warning. Meanwhile the warning is still there.

MS is a racket with how they handle certs… never had such a sketchy experience buying something than a cert online and downloading in an old IE it’s like I’m on the dark web or something lol

2 Likes