Microsoft warning when installing



NewsArchive
10-28-2020, 11:38 AM
Lately I'm getting a warning from MS when installing... you have to
click more, then run anyway. Anyone else seeing that?

--
Ray Rippey
VMT Software

NewsArchive
10-28-2020, 11:38 AM
>Lately I'm getting a warning from MS when installing... you have to
>click more, then run anyway. Anyone else seeing that?
>

Installing what? SetupBuilder?

Or do you get a scary dialog when running your own, SB-created installer?

Do you have a new code-signing certificate?

Maybe you could share a screenshot of that warning?

Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.


NewsArchive
10-29-2020, 02:05 PM
Ray,

similar to this one?

http://www.lindersoft.com/forums/showthread.php?47837-Need-Help-SetupBuilder-certificate-2018-reputation-(screenshots-attached)

Friedrich

NewsArchive
10-29-2020, 02:05 PM
Yes, that's the one. Also, I just went into my General Information area
and updated the digital Signature spc, pvk, and pfx and am getting a
gen1053: Code signing process failed. Error code: 1. I believe this is
the area to code sign the install itself.

Not sure what that error is.

It was fine until I did that. I had already set up the code signing in
the options before and that worked.. although I got the screen sometimes
when installing (below).

I shouldn't have messed with it... but I wouldn't have thought it would
hurt.

And even though the compile process aborts.. the install is still made,
but only with the sha1 signature.

Ray Rippey
VMT Software

NewsArchive
10-29-2020, 02:06 PM
So... went back and copied all my files into the area where they would
again get signed.... and it worked, including signing the install. Maybe
I needed to exit SetupBuilder... or all of the files had to be signed
again.. I did those two things.. and of course don't know which one
caused it to work. My guess would be I needed to exit SetupBuilder after
I change the signature in the Sig for the install.

As far as that screen that comes up in Windows... It only happens on
other people's computers... guess I'll try it at home.. there was
something about if I was the vendor... but I was on someone else's
computer. I guess this is that reputation issue. I just recently got a
new code signing certificate.

Ray Rippey
VMT Software

NewsArchive
05-24-2021, 08:12 AM
So, I still get this error. And I have personally installed a few dozen.
How many does it take? I don't want to update my demo install until this
goes away.. because I'll lose a lot of possible customers if they see that.

I submitted to Microsoft but to no avail. Not sure where to go next.

Thanks,

Ray Rippey
VMT Software

NewsArchive
05-24-2021, 08:12 AM
Is this what I'm up against?

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph


Ray Rippey
VMT Software

NewsArchive
05-25-2021, 05:47 AM
>
> I submitted to Microsoft but to no avail. Not sure where to go next.
>

Please post screenshots from your code-signed certificate. Similar to the
attached ones.

You need at least a SHA-2 signature. Dual-signatures are better. Perhaps
you only did a SHA-1 signing?

Friedrich

NewsArchive
05-25-2021, 03:02 PM
Hi Friedrich,

> Please post screenshots from your code-signed certificate. Similar to the
> attached ones.
>
> You need at least a SHA-2 signature. Dual-signatures are better. Perhaps
> you only did a SHA-1 signing?

I haven't done SHA-1 for a few years now, just SHA-2. My last two
certificate renewals I've only done SHA-2. I don't think Comodo offered
SHA-1 the last time I renewed...

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
05-25-2021, 03:02 PM
Arnor,

> I haven't done SHA-1 for a few years now, just SHA-2. My last two
> certificate renewals I've only done SHA-2. I don't think Comodo offered
> SHA-1 the last time I renewed...

I just got my new cert and I can sign 1 and 2, no problem.

--
Lee White

RPM Report Preview: http://www.cwaddons.com/products/rpm/
Creative Reporting: http://www.CreativeReporting.com

Hydrogen, the only CLEAN fuel and the future of clean air.

NewsArchive
05-25-2021, 03:03 PM
Hi Lee,

>
> I just got my new cert and I can sign 1 and 2, no problem.

OK, interesting!

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
06-02-2021, 08:08 AM
Dwsetup.exe is the install and work.exe is the main program. It all
looks good to me.

Thanks,

Ray Rippey
VMT Software

NewsArchive
06-04-2021, 09:10 AM
Hi Arnor,

AFAIK, all SHA-2 certificates also support SHA-1 signing.

Friedrich

NewsArchive
06-04-2021, 09:11 AM
Ray,

yes, the signatures are definitely okay and valid. So the signing process
succeeded.

So only two possible reasons for this:

1. The code-signing certificate does not have a "reputation" (you need more
downloads and executions to earn a reputation)

and/or

2. If it is only on this machine, you need a root certificate update
(handled via the normal Windows Update process).

If you are interested, post a link to one of your signed .exe files and we
can check the reputation thing.

Friedrich
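
The two causes listed in the post above can be told apart on the affected machine. The following PowerShell check is an added example, not part of the original thread and not SetupBuilder code: it reads the Authenticode signature and builds the certificate chain locally. `Get-SignatureTriage` is a hypothetical helper name, and the default path is a placeholder using the installer name mentioned in this thread.

```powershell
# Added example: triage an installer that triggers a Windows warning.
# The default path is a placeholder; adjust it to the file under test.
param([string]$Path = '.\Dwsetup.exe')

function Get-SignatureTriage {
    param([Parameter(Mandatory)][string]$FilePath)

    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $result = [ordered]@{
        File        = $FilePath
        Status      = $sig.Status
        Signer      = $null
        CertSigAlg  = $null   # algorithm of the certificate itself, not the file digest
        Timestamped = [bool]$sig.TimeStamperCertificate
        ChainIssues = @()
        Verdict     = $null
    }

    if (-not $sig.SignerCertificate) {
        $result.Verdict = 'Unsigned: the signing step did not run or failed.'
        return [pscustomobject]$result
    }

    $cert = $sig.SignerCertificate
    $result.Signer     = $cert.Subject
    $result.CertSigAlg = $cert.SignatureAlgorithm.FriendlyName

    # Build the chain on this machine to see whether its root store trusts the issuer.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    [void]$chain.Build($cert)
    $result.ChainIssues = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $result.Verdict = if ($result.ChainIssues -match 'UntrustedRoot|PartialChain') {
        'Chain does not reach a trusted root on this machine: check root certificate updates.'
    } elseif ($sig.Status -ne 'Valid') {
        "Signature problem: $($sig.StatusMessage)"
    } else {
        'Signature and chain are valid here: a remaining warning points to reputation.'
    }
    [pscustomobject]$result
}

Get-SignatureTriage -FilePath $Path | Format-List
```

To list every signature on a dual-signed file, `signtool verify /pa /all /v <file>` reports each one with its digest algorithm.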

NewsArchive
06-04-2021, 09:12 AM
Hi Ray,

this is what I see here on our machines. A perfectly valid UAC prompt with
code-signature (verified publisher).

Friedrich

NewsArchive
06-04-2021, 09:12 AM
BTW, are you sure your root certificates are up-to-date?

http://www.lindersoft.com/forums/showthread.php?47724-Can-an-EXE-self-check-whether-a-digital-certificate-is-broken&p=88826&highlight=revoked#post88826

The file you sent has a valid code-signature and your certificate does seem
to have a good reputation.

Friedrich

NewsArchive
06-11-2021, 02:57 PM
Friedrich,

Thanks for checking it out. I checked out my root certificates and all
looked fine as far as I could tell.. Ran sigcheck and it only showed one
3rd party valid sig for ESET my antivirus. I uploaded the install to
VirusTotal and I did have one flag my program as malicious.. jiamjing
.... Not sure if that's the problem.

I'm not too worried about it except I can't make a new demo copy because
I can't have the demo show these screens... which it currently does not.
Usually when I download the main program it's to update someone and I'm
on their computer with them so I just click past all of this nonsense.

Thanks again,

Ray Rippey
VMT Software

NewsArchive
06-11-2021, 02:58 PM
> I just click past all of this nonsense.

And nonsense it is - the AV crowd has got completely out of hand.
Someone or some organization or whatever needs to start controlling
these folk. There is no accountability.

Andre Labuschagne

NewsArchive
06-17-2021, 07:24 AM
Well, that's us, the software companies and developers. I know in the
past I've submitted my software to Norton and a few others and I did
eventually get results so my software was 'approved' when installing. It
may also have to do with our customers that trust us, and change their
AV because it messes with our software, their software, that they depend
on. And my customers trust me a heck of a lot more than any of the AV
companies.

Of course that's after you get in the door. If the demo has trouble
installing and whatever AV they use gives them warnings, they won't go
any further in their testing.



Ray Rippey
VMT Software