I am new to python. I managed to write my code for logging versions and generated executable using cx_freeze. It is working fine in my machine, but when I take it to other machines, I'm getting Windows smart screen error.
Any idea how to get rid of this?
Quick help required.
Thanks in advance.enter image description here
That is how SmartScreen works, it blocks "unpopular" executables. Depending on the system configuration the user might be able to click on "More Info" and run it anyway.
If enough people download and run your .exe then the SmartScreen block will go away. Microsoft does not specify how many downloads are required in their FAQ:
When you download a program from the Internet, SmartScreen Filter will check the program against a list of programs that are downloaded by a significant number of other Internet Explorer users and a list of programs that are known to be unsafe. If the program you're downloading isn't on either list, SmartScreen Filter will display a warning that the file isn't "commonly downloaded."
SmartScreen checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen will warn you that the download has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you're downloading isn't on that list, SmartScreen will warn you.
Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates:
Code signing is important
to our reputation intelligence because this higher level identity allows us to build
reputation across multiple programs signed by a publisher. It is also important
for publishers because signed programs inherit the reputation of the certificate
with which they are signed; this means every program a publisher distributes doesn’t
need to build reputation individually.
...
Programs signed by an EV code signing certificate can immediately establish reputation
with SmartScreen reputation services even if no prior reputation exists for that
file or publisher.
Removing the "Mark of the Web" by unblocking it in the files properties should also prevent the SmartScreen message.
Related
Our organization recently obtained an EV code signing certificate. It did give us instant SmartScreen trust, but 2 things still happen:
A minor annoyance was Chrome that issued a warning file.exe is not commonly downloaded and may be dangerous to first few downloaders but it went away within a day without us doing anything.
A much greater problem is Windows Defender. Here is what it does:
When our users install the program, it flags and locks crucial components that are required. This happens to most users.
We scanned the program components locally before uploading them and found no issues. Our Virus & threat protection is up to date. We also do not trigger antivirus protection when we download the same file from the website and install it as a normal user would. Why does it act so inconsistent that it doesn’t flag files when we download it from internet on our internal PC’s but it happens to most external users?
So far, we have been collecting these generic threat names and file names from our users and submitting them to Microsoft for analysis: https://www.microsoft.com/en-us/wdsi/filesubmission
It is very admirable that MS analysts review those files within a day, but what is not good is that they seem to update their antivirus definitions only for the threat name that was detected and not mark whole file as harmless. This problem gets even more frustrating because we update our installer often since program is in active development.
I am also worried that these updates with MS threat definitions are not properly disseminated to Windows users across the world fast enough. What happens if users do not update their definitions or have them turned off?
Is there anything that we are not doing yet, but could do to reduce issues with these false positives?
EV code signing certificate was issued by DigiCert and it was very expensive. Will these issues go away after MS scans signed files several times and increases trust score of our certificate? By that I mean, will it reduce the false positives on future builds that were not yet submitted for analysis?
I have made free software and converted it into an NSIS installer. But the issue is that when users download the setup.exe first they get chrome warning not commonly downloaded and it is dangerous file with a keep button hidden under an arrow button.
Even if they choose to keep the file, when opening the installer, the windows SmartScreen shows up warning the users again.
Is there a way can I get past these two for free? I mean I don't charge my users anything.
I only know a way to bypass the download warning. However it is not the prettiest solution, but I am currently using this while researching other possibilities.
My way to bypass the SmartScreen download filter is to bundle your setup.exe into a .zip for instance and then download the zip file instead and then the users can run the setup.exe from within. After some testing and feedback, most of our users don't notice this small extra step.
When they run the setup, you need to have signed the installer using a valid certificate for the Windows warning to go away. Here I have not found any clever ways to avoid this. So you need to pay some certificate authority to create a valid certificate for your software.
Hope this answers your question.
I understand the code signing.
But when I try to download some application, it doesn't even have code signing.
And it can still open without the Windows Defender blue screen.
Example: http://www.eainstall.com/download
How do I do that?
The Windows SmartScreen alert will go away after enough people download it.
If your software is not that popular then the warning will never go away and there is not much you can do about it.
SmartScreen checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen will warn you that the download has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you're downloading isn't on that list, SmartScreen will warn you.
Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates:
Code signing is important
to our reputation intelligence because this higher level identity allows us to build
reputation across multiple programs signed by a publisher. It is also important
for publishers because signed programs inherit the reputation of the certificate
with which they are signed; this means every program a publisher distributes doesn’t
need to build reputation individually.
...
Programs signed by an EV code signing certificate can immediately establish reputation
with SmartScreen reputation services even if no prior reputation exists for that
file or publisher.
I've created a setup.exe file and loaded it onto my web site for downloading. The .exe file has been code signed with a certificate from godaddy. When downloading the .exe file from my website using win7 it detects the certificate and displays it to be a safe download. On win10 the .exe file downloads fine but when opening the .exe the smartscreen blocks it from opening. I have many users using win10 and don't want to explain to them to turn off smartscreen. What are my options to get this .exe past win10 smarscreen?
The Windows SmartScreen alert will go away after enough people download and run it. If your software is not that popular then the warning will never go away and there is not much you can do about it. You can try to get yourself whitelisted but I would not hold my breath while waiting for that. Microsoft does not document what enough downloads is.
SmartScreen checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen will warn you that the download has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you're downloading isn't on that list, SmartScreen will warn you.
Signing will help you bypass smartscreen on updates you release in the future but it will not let you bypass the initial warning:
Downloads are assigned a reputation rating based on many criteria, such as download traffic, download history, past antivirus results and URL reputation. Reputation is generated and assigned to digital certificates as well as specific files.
According to this answer, passing and uploading the results from the Windows App Certification Kit tests will build reputation faster (requires a SysDev account).
See also:
SmartScreen® Application Reputation in IE9
SmartScreen® Application Reputation – Building Reputation
Introducing SmartScreen® Application Reputation
We offer a Windows program downloadable as an InstallShield EXE from our website.
When someone running IE9 attempts to download and run our software, they see the following message at the bottom of their screen:
PROGRAMNAME.exe is not commonly downloaded and could harm your computer.
[DELETE] [ACTIONS] [VIEW DOWNLOADS]
I've read http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx
It suggests:
Digitally sign your programs with an
Authenticode signature.
Ensure downloads are not detected as
malware.
Apply for a Windows Logo.
We've done all three things. Our EXE is digitally signed with an authenticode signature (and the bar above the warning message is orange, not red, indicating that IE9 recognized and verified the signature). Our download is not detected as malware by any antivirus program we've tried. And we have applied for and received a Windows Logo.
As yet, most of our customers are not using IE 9. But this is very troublesome to those who do. Is there anything else we can do about this, or do we just have to wait until a critical mass of customers have downloaded this software before this message will go away?
(Does that mean when we release a new version, all IE 9 users will get this message again until enough of them have downloaded it?)
UPDATE 2011-06-14:
Thanks, #EricLaw-MSFT. URL is http://dakim.dakiminc.netdna-cdn.com/DakimBrainFitness.exe . (It's found on the "Download Free Trial" button on http://www.dakim.com .)
We've only been offering downloadable trials for a short while. Our primary distribution method is installation DVDs.
Extended Validation Code Signing Certificates don't suffer from the need to build reputation slowly according to this post:
Reputation is generated and assigned to digital certificates as well as specific files. Digital
certificates allow data to be aggregated and assigned to a single certificate rather than many
individual programs. Although not required, programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier
which makes it easier to maintain reputation across certificate renewals. Only Authenticode
Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish
reputation.
At this time, Symantec and DigiCert are offering EV code signing certificates.
In an effort to improve my answer, I've added a link to a similar question I asked and eventually answered myself.