Monday 4th October, 2021
Windows Smartscreen is a great idea, but if you develop downloadable software for Windows it can sometimes be incredibly frustrating.
That has certainly been our experience this year, as Windows has displayed the following warning when running every build we have released since we renewed our code signing certificate:
What this warning means is that Smartscreen does not recognise the executable (fair enough, as the chances are we had only just built it when it was downloaded), and does not yet trust the code signing certificate (we know that an EV certificate would help with this, but only at the cost of a loss of flexibility in the build process).
To the end-user (and yes, I include many developers in that) this warning must be offputting, to say the least. The lack of a "Run Anyway" button just compounds that. To see that, you have to click on the "More info" link to reveal it, as well as the name of the executable file and publisher:
The warning usually disappears after a few days as customers download and install the update, but this time it has been different and we have been pulling our hair out over this for months.
More than one build has been submitted to Microsoft for analysis, but we never had any luck until last week, when we received this feedback:
We do not know exactly how the internal logic Microsoft use to trigger Smartscreen warnings has changed in recent months, but we suspect it has in some way.
Coincidentally, at the same time as we submitted this file for analysis we also uploaded the same executable directly to the Visual Studio Marketplace, rather than (as previously) linking to the product page. Maybe that also helped - who knows?
Regardless, it's welcome as it means that Visual Lint 184.108.40.2062 no longer triggers the Smartscreen warning, and hopefully as the code signing certificate builds reputation other builds will cease to do so too.
At least, we hope so.