Windows Smart Screen and Code Signing

by: Anthony Garland

While developing Graderworks, I ran into an issue with Windows Smart Screen filter. When users would download and run the installer, it would pop up with this message.

Naturally, this discouraged customers from using the free 30 day trial of Graderworks. If I were a client, I would likely not install the software either. 

Unfortunately, there is not a good solution. All you can do is have your installer signed with a digital code certificate. You can see in the image that my installer is signed, but it is still being flagged as dangerous. Even with this certificate, the smart screen filter did not go away for almost two weeks. Although Microsoft gives information on how to sign an application, I found their tutorial only moderately helpful. 

These are the steps I followed to get my installer signed.

  1. I used cheapsslsecurity.com generate a code signing certificate. 
    • The certificate is actually from Comodo but sold through cheepsslsecurity.com
    • It cost me $85 for a 1-year certificate
    • I had to make a YellowPages listing for my business with a valid phone number (this was required by Comodo). 
    • I had to send Comodo information about my business from the SC secretary of state (i.e., my LLC articles of organization). You can make an LLC pretty quickly at SC Business One Stop.
    • Comodo called me to verify my phone number. (Basically, Comodo wants to prove that I'm a real person that can be sued if I start distributing malware.)
    • I downloaded my certificate using Firefox (don't use Google Chrome, it won't' work). 
  2. I installed the Windows 10 SDK 
  3. I added C:\Program Files (x86)\Windows Kits\10\bin\x86 to the windows system environmental PATH variable
  4. Then, using Powershell, I ran this command, and it worked!

>> signtool.exe sign /f comodocodsigningkeycertificate.pfx /p secretpassword Graderworks2.0.exe

My critique of Microsoft is 1. The steps needed to sign my certificate were not clear. It was not clear at all that I needed to install the Windows SDK and add the kit\bin folder to the PATH variable. Also, it was not clear that signing my installer would not result in the smart screen filter being immediately removed. 2. The 'reputation' system used by the smart screen filter makes some sense, but more transparency would be helpful. In the end, it hurts small business who have just released a new application and have no 'reputation'. 

 

Join our free mailing list!

Graderworks

  • Grade student's SOLIDWORKS files quickly
  • Catch Plagiarism
  • Export SOLIDWORKS files to another format in bulk
View Software

Recent Articles

Evaluation of Humans and Software for Grading in an Engineering 3D CAD Course

Anthony Garland and Sarah Grigg published a paper showing the effectiveness of a

New Grading Items in GW 4.07 - 4.30

Gradeworks can help you automated SOLIDWORKS grading. New grading items include:

Graderworks 4.00

We are happy to release Graderworks 4.00. This new version of Graderworks is a c

Graderworks 3.10 Check for Fully Defined Sketches

What's new in Graderworks 3.10? Increased data collection speed. Check for fully

Graderworks 3.00

Graderworks 3.00 has new improvements which help fully automate grading of SOLID

Graderworks: SW 2017, Config files, Command line args

Graderworks 2.36 and higher is compatible with SOLIDWORKS 2017. Graderworks now

Graderworks: An Official SOLIDWORKS Solution Partner

Garland Industries is happy to announce that Graderworks is now an official SOL

Graderworks 2.35

Several more improvements have been made to Graderworks in version 2.35.

Graderworks 2.32 Release

Graderworks 2.32 represents continued incremental improvement in the overall qua

Design Automation Example

A design automation example is given showing topology optimization coupled with

Graderworks 2.31

Graderworks 2.31 includes the following updates. 1. When analyzing .stl files th

Graderworks 2.3 Update

Update on Graderworks 2.3 Several major bugs were fixed.

Graderworks 2.3 Release

Graderworks 2.3 allows you to compare the geometric similarity of .stl files wit

Turnitin vs. Graderworks

Graderworks is the Turnitin of 3D models. Not using a plagiarism checker in a So

Getting Started with Graderworks

This tutorial shows how to get started analyzing and grading Solidworks part fil

The Making of Graderworks Video

As an engineering entrepreneur, marketing is not my strength. To make high-quali

Organizing hundreds of .stl files for 3D printing

How would you 3D print hundreds of .stl files in the shortest time possible usin

What is unique about 3D printing?

3D Printing offers many new exciting possibilities, but why is it unique? Three

How 3D printing works

3D Printing requires three steps. 1. Getting a 3D model. 2. Slicing the model to

Preprocessing files for Graderworks: Converting .rar to .zip

Solidworks students submit .rar files instead of .zip. Graderworks requires .zip

Windows Smart Screen and Code Signing

A short tutorial on how to sign a Windows installer and what the smart screen fi

What should we 3D print?

3D Printing opens the possibility of mass customization of consumer products. Ma

Software, dying on the journey from academic project to commercial tool. 

Does software make it from academic research to useful commercial tools? Ignoran