I am trying to prevent that my application (an installer) will not be blocked by Windows SmartScreen Protection.

I use BitRock and I signed my installer manually but I have always this problem. I bought a valid certificate and the signing with a timestamp is ok.

It's a commercial application and I don't want that the user will be afraid to install it

ps. I dont have an unknown publisher

UPDATE: Similar issue for an MSI installer: How to avoid the Windows Defender SmartScreen prevented an unrecognized app from starting warning?

Older discussion (recommended): How to pass the smart screen on Win8 when install a signed application?

Another writeup here: How to add publisher in Installshield 2018 (might be better).

Too long for a comment. This is an EXE file? Just a couple of things come to mind, though I doubt they will resolve the issue - but a place to start.

BTW: I assume you have contacted BitRock support? (Installbuilder).

False Positives & Blocked Files

1. Have you checked by uploading your EXE installer to virustotal.com to determine if it is flagged as a known unsafe file? (for whatever reason) - virustotal.com runs 60+ security software scanners against your uploaded binary.

   • I would definitely try this to verify. It could be that BitRock installer files are flagged as unsafe in general - for all I know.

   • Such "false positives" can be a very serious deployment problem as security software block your install - and each security software is a problem in its own right, and you sometimes don't know where to beging to resolve it - who do you contact? BitRock first of all - but this may not be the problem.

   • To go beyond the EXE installer and check your running app for false positives, you can try this approach using Process Explorer from Sysinternals. First install your app, then launch Process Explorer as described and check all your running binaries against virustotal.com.

2. Does this dialog show up when you try to run the installer after it has been downloaded from the Internet? Or does it happen outright to the file straight from your local build?

   • When downloaded from the internet the file will have an alternate data stream Zone.Identifier with a value of 3 indicating that the file was downloaded from the Internet. This triggers security warnings.
   • You can remove this stream. You can unblock the file using Powershell or by going to the file's property page:
     • Powershell: Unblock-File.
     • In Windows Explorer: right click the file, go to Properties and remove the blocking (towards the bottom of the dialog). I think this dialog is slightly different in different Windows versions. Sometimes a button Unblock and other times a check box you need to check and then hit OK or Apply.

Neither of these two suggestions are likely to solve your problem, but please comment and let us try to "evolve" this answer once we have more information available.

Some Links:

• How to pass the smart screen on Win8 when install a signed application?
• Will signing an executable prevent SmartScreen from warning the user?
• How can I stop my installer from triggering Windows 10's "This app has been blocked for your protection" error?
  • This particular answer recommended as worth a read (certificates are not enough, reputation is needed).

You can just submit your software to Microsoft for malware analysis https://www.microsoft.com/en-us/wdsi/filesubmission

It worked for me, basically they've established my .exe reputation in a few hours, and now file is can be downloaded and installed without triggering Microsoft Defender Smart Screen.

Took a while to figure this out, their instructions could have been easier, but it works.