How to avoid the Windows Defender SmartScreen prevented an unrecognized app from starting warning

Question

My company distributes an installer to customers via our website  Recently when I download via the website and try to run the installer I get the warning message   Windows protected your PC Windows Defender SmartScreen prevented an unrecognized app from starting  Running this app might put your PC at risk   If I right-click on the installer and choose Properties I note the following   Our installer is signed  How do I find the reason for the Windows Defender SmartScreen warning  I have not managed to find any log file for Windows Defender nor found anything in the Event Viewer

User · Accepted Answer

If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows us to skip this period of trust-building. According to Microsoft, extended validation certificates allow the developer to immediately establish a reputation with SmartScreen. Otherwise, the users will see a warning like "Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.", with the two buttons: "Run anyway" and "Don't run".

Another Microsoft resource states the following (quote): "Although not required, programs signed by an EV code signing certificate can immediately establish a reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals."

My experience is as follows. Since 2005, we have been using regular (non-EV) code signing certificates to sign .MSI, .EXE and .DLL files with time stamps, and there has never been a problem with SmartScreen until 2018, when there was just one case when it took 3 days for a beta version of our application to build trust since we have released it to beta testers, and it was in the middle of certificate validity period. I don't know what SmartScreen might not like in that specific version of our application, but there have been no SmartScreen complaints since then. Therefore, if your certificate is a non-EV, it is a signed application (such as an .MSI file) that will build trust over time, not a certificate. For example, a certificate can be issued a few months ago and used to sign many files, but for each signed file you publish, it may take a few days for SmartScreen to stop complaining about the file after publishing, as was in our case in 2018.

As a conclusion, to avoid the warning completely, i.e. prevent it from happening even suddenly, you need an Extended Validation (EV) code signing certificate.

User · Answer

UPDATE  Another writeup here    How to add publisher in Installshield 2018    might be better       I am not too well informed about this issue  but please see if this answer to another question tells you anything useful  and let us know so I can evolve a better answer here   How to pass the Windows Defender SmartScreen Protection  That question relates to BitRock - a non-MSI installer technology  but the overall issue seems to be the same   Extract from one of the links pointed to in my answer above      a certificate just isn t enough anymore to gain trust    SmartScreen is reputation based  not unlike the way StackOverflow works    SmartScreen trusts installers that don t cause problems  Windows machines send telemetry back to Redmond about installed programs and how much trouble they cause  If you get enough thumbs-up then SmartScreen stops blocking your installer automatically  This takes time and lots of installs to get sufficient thumbs  There is no way to find out how far along you got    Honestly this is all news to me at this point  so do get back to us with any information you dig up yourself     The actual dialog text you have marked above definitely relates to the Zone Identifier alternate data stream with a value of 3 that is added to any file that is downloaded from the Internet  see linked answer above for more details      I was not able to mark this question as a duplicate of the previous one  since it doesn t have an accepted answer  Let s leave both question open for now   one question is for MSI  one is for non-MSI

User · Answer

After clicking on Properties of any installer  exe  which block your application to install  Windows Defender SmartScreen prevented an unrecognized app   for that issue i found one solution         Right click on installer  exe     Select properties option    Click on checkbox to check Unblock at the bottom of Properties        This solution work for Heroku CLI  heroku-x64  installer  exe

[windows] How to avoid the "Windows Defender SmartScreen prevented an unrecognized app from starting warning"

Examples related to windows

Examples related to installation

Examples related to windows-installer