Custom exe being detected by Windows Defender [duplicate] - powershell

I always use Inno Setup for packaging and publishing. Users download the application using a link for example: https://oursite.com/codesigned/mysetup.exe
Till now, it always worked. But recently I had to renew my code signing certificate because it expired. After the renewal I have a SmartScreen problem: every user who downloads the application gets this SmartScreen, which did not appear before.
I have used signtool.exe verify /pa innosetup-made-myexe.exe and it shows successful, also I have done the verification with Windows Application Certification Kit, that shows it is PASSED, but with WARNINGS, all those WARNINGS mostly generated by Inno Setup.
Here you can find the output, where it's showing WARNINGS on Inno Setup exes:
https://docs.google.com/document/d/11frW_GxI0xSVcrAXh4_rqcKBQSaermAlpYKj4xzQi4o/pub
How can I fix this problem?
(still not sure if it's a Standard Code Signing vs EV code signing issue? I already used Standard Code Signing for a few years, it always worked. I can upgrade to EV Code signing, but how can I make sure it's not an Inno Setup compiler problem? As you can see, the WARNINGS shown in the URL above are already attributed to Inno Setup)
To verify if it's Inno Setup or code signing issue (see https://stackoverflow.com/a/29067585/285594), I have done following:
From Microsoft, I have downloaded the file called winqual.exe, which does not need Inno Setup.
I code signed the winqual.exe and uploaded to my same server
I downloaded the same file with Internet Explorer and it works without showing me the SmartScreen.
Does it make any sense now if Inno Setup is the main cause of this problem?

Nowadays, you have to use EV code signing certificates.
See Transferring Microsoft SmartScreen reputation to renewed certificate.
Below is the original answer, which addresses some specifics of the question.
If you believe the problem is due to an unsigned uninstaller, make sure you set the SignTool directive of your Inno Setup project accordingly. And make sure SignedUninstaller directive has its default value yes.
Quoting SignTool directive documentation:
Specifies the name and parameters of the Sign Tool to be used to digitally sign Setup (and Uninstall if SignedUninstaller is set to yes). When Setup has a valid digital signature, users will not see an "unidentified program" warning when launching it.
If you want to set NXCOMPAT and DYNAMICBASE flags to the uninstaller, you can create a sign.bat batch file that both calls signtool.exe and editbin.exe:
@echo off
editbin.exe /NXCOMPAT /DYNAMICBASE %1
signtool.exe sign ... %1
The calls need to be in this order, otherwise the editbin.exe breaks the signature.
Then use the sign.bat instead of signtool.exe in the SignTool directive.
Though I do not really think this is necessary, nor helps anything.

I think this is normal behavior.
When your software collects enough "likes" = downloads or installs, SmartScreen will automatically turn off this message.
It is a really annoying feature because with every software release you need to wait an appropriate time while the software becomes "popular" and is recognized as safe (no certificates or antivirus methods can solve it).

You do NOT need this "Windows Application Certification Kit".
What @slappy says is correct:
After renewal of your certificate, you need enough downloads and "good reviews" before this message goes away.
What you need to do is to download your application using Microsoft Edge (not Chrome or Firefox!!!).
It will most likely say "This download may be dangerous and has been blocked".
Then you can choose "Keep anyways". And then you can choose "Report as Secure".
And THEN even Smart Screen says that it doesn't trust your app (even though it's digitally signed, LOL!!!!), then you have to choose "More..." and "Install anyways".
Install it on your computer! I think that is important.
I have used 5 different computers and reported my apps as secure multiple times and installed it.
I have also asked 2 friends (because of their different IP address) to do the same.
I hate this so much!!!!!!!!!!
After 1 day, the error message was gone.

Related

Powershell DSC: Run regular code in DSC

I have a DSC I am creating for web server configuration. My website will be using HTTPS, meaning that I have to have a certificate in a store. I don't see any modules designed to do this, so I was wondering how I could run regular Powershell functions in a DSC but keep the good parts of the DSC.
My workflow is as follows:
1. Check if certificate exists
If cert doesn't exist in the store, add it.
If the cert does exist, grab the Thumbprint to use in the xWeb xWebsite.BindingInfo.MSFT_xWebBindingInformation.CertificateThumbprint property.
As of now, I've got the code written to do the following actions, but I would still like to make use of the [DependsOn] functionality found in DSCs so I can handle any errors involved with creating/accessing the certificate.
Any help is greatly appreciated.
https://serverfault.com/a/638926/236470
Use Microsoft's xCertificate module (with the xPfxImport resource) for this purpose.
Full disclosure: I wrote the original version of this resource (it's open source in Microsoft's repo now and has since had other contributors).
To answer your original question, you would use the Script resource to run arbitrary code without creating your own resource.
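How the Script resource and DependsOn fit the workflow in the question, as an added example that is not from the original answer or the xCertificate project. The configuration name, site name, paths and parameters are placeholders; it assumes the xWebAdministration module is installed and that the PFX was exported with Export-PfxCertificate -ProtectTo for a group that includes the node's computer account, so no PFX password ends up in the MOF. Because one resource cannot hand a value to another at apply time, the thumbprint is passed in as a configuration parameter.

```powershell
# Added example: every name, path and parameter here is a placeholder.
Configuration WebServerCert {
    param(
        [Parameter(Mandatory)][string] $Thumbprint,  # thumbprint of the site certificate
        [Parameter(Mandatory)][string] $PfxPath      # PFX exported with -ProtectTo (assumption)
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xWebAdministration

    Node 'localhost' {
        Script SiteCertificate {
            GetScript  = {
                $tp   = $using:Thumbprint
                $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
                @{ Result = [string]$cert.Thumbprint }
            }
            # In the desired state only if the certificate is present with its private key.
            TestScript = {
                $tp   = $using:Thumbprint
                $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
                [bool]($cert -and $cert.HasPrivateKey)
            }
            SetScript  = {
                $tp = $using:Thumbprint
                Import-PfxCertificate -FilePath $using:PfxPath -CertStoreLocation Cert:\LocalMachine\My | Out-Null
                # A throw here fails this resource, so anything that depends on it is skipped.
                if (-not (Test-Path -Path "Cert:\LocalMachine\My\$tp")) {
                    throw "PFX '$using:PfxPath' did not contain certificate $tp"
                }
            }
        }

        xWebsite Site {
            Name         = 'ExampleSite'
            Ensure       = 'Present'
            State        = 'Started'
            PhysicalPath = 'C:\inetpub\example'
            BindingInfo  = MSFT_xWebBindingInformation {
                Protocol              = 'https'
                Port                  = 443
                CertificateThumbprint = $Thumbprint
                CertificateStoreName  = 'My'
            }
            # The binding is only configured after the certificate resource succeeded.
            DependsOn    = '[Script]SiteCertificate'
        }
    }
}
```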

“Unknown Publisher” strange certificate issue

Ok, here is the strangest thing you will read. You definitely won't believe me but if you try it for yourself you will see it is true.
For some reason, and for NO reason we are getting an "Unknown Publisher" Windows warning message with one of our programs that we have had in distribution for years.
The exe is code signed just like our other exe's and the problem does not present in our other exe's....only on one program.
Here is where it gets weird:
When the program is downloaded from any website (like our website, dropbox, google drive, etc) and then double-clicked for installing, the Windows warning message appears with "Unknown Publisher" message. However, if I take the SAME file and copy it onto a USB thumb drive, then copy it back onto the computer so that the exe is no longer from the web, but instead from a USB drive, then the warning message doesn't appear and my company name appears instead of "Unknown Publisher".
Also, if I drag and drop from ftp directly to the downloads folder, no issue. If I download the SAME file from our website, issue!
There is no A/V software running. I have tried with spaces and underscores in the file name. Nothing makes a difference. I am out of things to try! :-(
Has anyone experienced this before? Is there some solution?
Here is a link to the program: https://www.digigames.com/Software/Trivia%20Board%20Pro%204.exe
Your help will be greatly appreciated!!
Ok, the solution was that we are using SHA-1 certificates, which apparently as of Jan 1, 2016 Windows no longer honors. The solution was to replace our certificate with an SHA-2 / SHA-256 certificate.
GOOD GRIEF!!!!!

How do I prevent my exe4j executable being flagged as Bloodhound trojan by Symantec Endpoint?

I created a Java application and wrapped it in an executable using exe4j version 5, but every time I start the executable, Symantec Endpoint Protection 12 quarantines the exe file because it thinks the executable is a Bloodhound Trojan. But this problem does not exist if I create the executable with exe4j version 2 or less.
The same issue happened when I used install4j to create an install package.
Are there any settings that need to be changed in the exe4j or install4j project to fix this problem?
This is a false positive. Unfortunately this happens from time to time. You can report this to the anti-virus software vendor, they all accept false positives reports. Usually, this is then fixed with the next update of their virus definitions.

iPhone: Valid signing identity not found annoying error

I know that this is very common problem and I have gone through almost all the similar threads out here but no luck! This started happening after I renewed my membership with Apple!
I have confirmed that I have the private and public key in Keychain, the required certificate listed under My Certificates, have my development certificate, and the AWDR certificate installed, but still under the Xcode organizer I get a message saying "profile doesn't match any valid certificate/private key pair in default key chain". I also restarted the Mac twice.
Also I have confirmed everything mentioned at http://developer.apple.com/library/ios/#qa/qa1618/_index.html
What else to do? I have been scratching my head for the last 3-4 hours now without any luck!
Thanks.
You could try and have a look at the project.pbxproj located inside the .xcodeproj package (open it by right clicking and select 'Show package contents'). Search the file for PROVISIONING_PROFILE and make sure everything checks out to the correct profiles. I've had problems in the past when Xcode doesn't really update this file but when I do it manually it works.
After so much pain I exported the keys from another Mac where it works, imported them on my machine and RESTARTED the Mac, then it started working!
I could have revoked the certificates and created them from scratch, so that while generating the CA Authority certificate request the private keys would be generated on my machine. Learn to save these keys in .p12 format on a shared location so that you simply need to double click to install them again!

Installshield 2009 installer refuses to configure for a second user (did work until recently)

For years we have used InstallShield to deliver our software. Since the last version of our software the following happens:
After installing the program for "all users", when a restricted user logs in, he sees our application's icon on the desktop. When double clicking it the first time a dialog appears "Configuring ". In recent versions, after a while the dialog disappeared and our program started. Now the process is aborted with a message: "The function is hosted on an unavailable network resource". Our program does not start. But when we create a shortcut to the .exe file by hand everything's fine.
We did not make any modifications to the installer project recently (besides changing the version number). We also declined to install updates.
Questions:
What can the problem be?
How can I debug an installer?
Not so sure about Installshield (I use Wise) but you should check the following:
Set the MSI Property "ALLUSERS" to 1 in the "Property" table of the MSI database. See Windows Installer SDK documentation for more details. This ensures that all users get a shortcut for launching the application.
Call your installer with
MSIEXEC.EXE /i MyInstall.MSI /l*v install.log
from the command line (this sets the logging to verbose) - might help!
Liam