Distributing Windows Application - browser and antivirus problems

Question

We have Windows application (MSI install package), downloadable from our site. The problem is, that browsers and 3rd party antiviruses prevent some users from download an APP. Is there a way to make our MSI package more trustable for browsers and antivirus? Maybe it can be checked and uploaded in some other resource, and downloadable for users from here? P.S. We use code signing certificate, and Windows store is not a variant for us now.

Answer 1

We've been building and releasing the same application for almost 20 years and AV false positives can still create problems. This is how we do it today:

After each release, we scan our new setup on https://www.virustotal.com/gui/home/upload and if we notice any AV vendors flagging it we reach out to each of them and submit a request for false positive removal. They all have some form or email address where you can contact them.

They usually process these requests in a few days, so no real big problem for our users and doesn't take a lot of time.

Now, with SmartScreen, there is another story. Even if our package was digitally signed for over a decade, 2 years ago when we renewed our certificate Windows flagged our installer for about 2-3 months.

This was an installer with hundreds of thousands if not millions of users in the last decade. In the end, its reputation system got back to normal and stopped flagging it but it was really annoying for our customers.

The solution to this is to buy an EV certificate (confirmed by some of our customers) and then you will get an instant reputation with SmartScreen. This Spring our normal certificate expires and we will go the EV route too.

You can read more about digital signing and EV certs in the following articles:

• Why EV Code Signing? EV Code Signing vs. Regular Code Signing
• How to avoid the "Windows Defender SmartScreen prevented an unrecognized app from starting" warning