Clive Beaton

How can I stop Windows saying my software might be harmful?

When my clients download my application, Windows, browsers, Norton et al say my software might be harmful.  How can I stop this?

Thanks in advance.
Mohammed Khawaja
One way is to sign your application with a certificate that is from a trusted root certificate provider or from a self-signed certificate where your certificate is trusted on the clients' PCs.
Have you approached Symantec Support?

There is some software I have to exclude from Symantec (Cain/Abel, Unlocker and a couple of others) but nothing major.
So you compiled a Windows binary or installation and every machine shows it as harmful?

On your corporate network do you have an Enterprise Management Tool for Norton to exclude that binary file?

Does it show up as harmful before or after the installation?

If the user has permissions, they can right click the install or the binary EXE and "Add to Exclusion List" for Norton but on most business networks this is disabled.

Depending on internal Group Policy settings and both Norton it may not accept a "self-signed" certificate.

You would need an internal CA like Microsoft CA to generate a software signing certificate, but depending on your domain version you might not have the option for SHA2, only SHA-1, which is deprecated, leaving a third-party vendor certificate like Verisign.

You would need a minimum of SHA256, and prefer a private key generated prior to the CSR that is RSA256, then 2048 bit on the SSL certificate when you submit your CSR.

On the self-signed certificate or Microsoft CA there are Group Policy settings to "allow" or set those as Trusted Root Authorities so they show up properly from the Microsoft CRYPTO API perspective.

MMC Console > Add/Remove Snap-in > Certificates > Local Machine (not user) > Trusted Enterprise Root Certificate Authorities, and any Intermediates go in the Trusted Intermediate Store.

On the self-signed you could try exporting to PFX from the source where you generated the original CSR and having the private key.  Depending on where you created the private key, CSR then obtained the CER or CRT you could use the DIGICERT Utility to extract the private key and CRT key file to separate files if you have the P7B or PFX file that is the certificate with Private key.
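The self-signed case discussed in the answers above, as an added example that is not part of the original thread: it signs a constructed sample file with a SHA-256 / RSA 2048 certificate and shows that the signature only validates once the certificate is in the machine's trusted root store. The subject name and file paths are assumptions made for the demonstration; the same cmdlets apply to an .exe or installer.

```powershell
#Requires -RunAsAdministrator
# Added example. Subject name and paths are constructed; run on a test machine.
$ErrorActionPreference = 'Stop'

# 1. Self-signed code-signing certificate: RSA 2048-bit key, SHA-256 signature.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Publisher (test only)' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Constructed sample file to sign.
$target = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $target -Value 'Write-Output "signed sample script"'

# 3. Sign it with a SHA-256 file digest.
Set-AuthenticodeSignature -FilePath $target -Certificate $cert `
    -HashAlgorithm SHA256 | Out-Null

# Report what a client machine would see for the signed file.
function Get-SignatureState([string]$Stage) {
    $sig = Get-AuthenticodeSignature -FilePath $target
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($sig.SignerCertificate)
    [pscustomobject]@{
        Stage         = $Stage
        Status        = $sig.Status          # only 'Valid' means the chain is trusted
        StatusMessage = $sig.StatusMessage
        SignatureAlg  = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
        KeySizeBits   = $rsa.KeySize
    }
}

# 4. Before trust: the file is signed, but the root is unknown to this machine.
$before = Get-SignatureState 'self-signed, not trusted'

# 5. Trust the certificate machine-wide (what Group Policy would do for clients).
$cer = Join-Path $env:TEMP 'example-publisher.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
$after = Get-SignatureState 'root trusted on this machine'

$before, $after | Format-List

# 6. Clean up the test certificate, its private key, and the sample files.
Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item $target, $cer
```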
ASKER CERTIFIED SOLUTION
Scott McDaniel (EE MVE )
Thank you, Scott, and all others who have contributed.