 

IE9 SmartScreen Warning, Despite Following All Recommendations

We offer a Windows program downloadable as an InstallShield EXE from our website.

When someone running IE9 attempts to download and run our software, they see the following message at the bottom of their screen:

PROGRAMNAME.exe is not commonly downloaded and could harm your computer.
[DELETE] [ACTIONS] [VIEW DOWNLOADS]

I've read http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx

It suggests:

  • Digitally sign your programs with an Authenticode signature.
  • Ensure downloads are not detected as malware.
  • Apply for a Windows Logo.

We've done all three things. Our EXE is digitally signed with an Authenticode signature (and the bar above the warning message is orange, not red, indicating that IE9 recognized and verified the signature). Our download is not detected as malware by any antivirus program we've tried. And we have applied for and received a Windows Logo.

As yet, most of our customers are not using IE 9. But this is very troublesome to those who do. Is there anything else we can do about this, or do we just have to wait until a critical mass of customers have downloaded this software before this message will go away?

(Does that mean when we release a new version, all IE 9 users will get this message again until enough of them have downloaded it?)

UPDATE 2011-06-14:

Thanks, @EricLaw-MSFT. URL is http://dakim.dakiminc.netdna-cdn.com/DakimBrainFitness.exe . (It's found on the "Download Free Trial" button on http://www.dakim.com .)

We've only been offering downloadable trials for a short while. Our primary distribution method is installation DVDs.

Schof asked Jun 11 '11 00:06



1 Answer

Extended Validation Code Signing Certificates don't suffer from the need to build reputation slowly according to this post:

Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Although not required, programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals. Only Authenticode Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish reputation.

At this time, Symantec and DigiCert are offering EV code signing certificates.

In an effort to improve my answer, I've added a link to a similar question I asked and eventually answered myself.

Shannon Cook answered Oct 06 '22 22:10

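The passage quoted in the answer says reputation is assigned to the signing certificate as well as to the specific file, and that EV certificates are treated differently. The following PowerShell is an added example, not part of the original question or answer, that reports both identities for a signed installer and whether its certificate carries the EV code signing policy. The default path is a placeholder, and recognising EV by the CA/Browser Forum policy OID 2.23.140.1.3 in the rendered Certificate Policies extension is an assumption of this example.

```powershell
# Added example: show the file identity and the certificate identity of a
# signed installer, and whether the signing certificate is an EV one.
param(
    # Placeholder path; point it at your own signed installer.
    [string]$Path = '.\PROGRAMNAME.exe'
)

# Assumption: EV code signing certificates assert this CA/Browser Forum policy OID.
$EvCodeSigningOid = '2.23.140.1.3'

# Verify the Authenticode signature before trusting anything read from it.
$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
$cert = $sig.SignerCertificate

# Certificate Policies extension (2.5.29.32). Format() renders its policy
# OIDs as text; matching on that text is an assumption of this example.
$policies   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
$policyText = if ($policies) { $policies.Format($false) } else { '' }
$pattern    = '(?<![\d.])' + [regex]::Escape($EvCodeSigningOid) + '(?![\d.])'
$isEv       = $policyText -match $pattern

[pscustomobject]@{
    File          = (Resolve-Path $Path).Path
    # Changes with every new build, so a new release is a new file.
    FileSha256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Stays the same across releases signed with the same certificate.
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    EvCodeSigning = $isEv
}
```

Running it against two releases signed with the same certificate shows a different `FileSha256` but the same `Thumbprint`.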