Would a digital code signing certificate allow downloads through Norton and SmartScreen

I Install my product using SageKey which produces an executable install file.  It is often rejected as potentially harmful.  Would a digital certificate prevent this?

Digital certificates are expensive so I don't want to waste money.

If you have any experience, please share it.

Thanks in advance.
Clive BeatonAccess DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Typically AV will safeguard to prevent any download that is executable. You can consider having it as safe download since it is legit software or ask SageKey if it has  digitally sign programs with an Authenticode signature and this increase the software as trusted application for download and running. See SmartScreen faq (bottom) https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx
When the Windows Defender SmartScreen block is shown, click View Downloads.

In the IE10 or Microsoft Edge Download Manager, right-click on the download and choose Download unsafe file.

When the file download is complete, it can be launched by right-clicking on the item again and choosing Run anyway
For Norton exception, you can check out under "Settings > Antivirus > Scans and Risks > Exclusions / Low Risks"

In any case, SageKey has digital signing capabilities and if normally digital certificate is the way forward for signing purpose. There are free ones but mostly for SSL TLS website, but worth try. See below.
https://www.sslshopper.com/article-free-ssl-certificates-from-a-free-certificate-authority.html
Shaun VermaakTechnical SpecialistCommented:
Would a digital [code-signing] certificate prevent this?
It will greatly reduce these prompts. But without knowing the function of your apps, the reputation of the site that hosts these files I cannot say that it will 100% prevent this.
Clive BeatonAccess DeveloperAuthor Commented:
Thank you.  I'll take your advice, try it, and let you know.

CRB
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

btanExec ConsultantCommented:
Digitally sign programs with an Authenticode signature will help as shared earlier.
If I am an application owner, what can I do to help minimise the chance of my program being flagged as “not commonly downloaded” by Windows Defender SmartScreen?

A. There are industry best practices for application developers that will affect your download's reputation and help ensure reputation is established and maintained. If your program is not digitally signed, reputation cannot automatically be shared across different versions and builds.

To help establish your application's reputation, consider doing the following:

Digitally sign your programs with an Authenticode signature

Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Only Authenticode Certificates issued by a Certificate Authority (CA) that is a member of the Windows Root Certificate Program can establish reputation
You can consider signtool (SignTool.exe) to sign application and you will need the code signing certificate.

https://www.digicert.com/code-signing/signcode-signtool-command-line.htm
Clive BeatonAccess DeveloperAuthor Commented:
Thanks, I will get back to you.
Clive BeatonAccess DeveloperAuthor Commented:
Is there a difference between Authenticode signing and signing with a certificate from Comodo?

Thanks in advance.
btanExec ConsultantCommented:
No.
The outcome is to support code signing.
https://www.instantssl.com/code-signing/code-signing-process.html

Authenticode is a Microsoft code-signing technology that identifies the publisher of Authenticode-signed software.

Using this technology, it allows users to verify the identity of the software publisher by chaining the certificate in the digital signature up to a trusted root certificate. Comodo is just one of the trusted CA in the code signing certificate chain of publisher.

Active X controls, Java Applets and other software distributed through the Internet should all be signed with a Code Signing Certificate. E.g. IE recognized all signed entity as long as the publisher or issuer is one of the trusted root CA.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Clive BeatonAccess DeveloperAuthor Commented:
Thanks btan.  Very helpful.

CRB
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.