Code sign the installer and/or release the app in Store

[martinsuchan]

Right now the installer is not signed and Windows/Edge/SmartScreen is proactively blocking it when it's downloaded.
One way how to solve this is obtaining code-signing certificate and signing the installer and the executable.

Alternatively it should be quite straightforward to publish the app into Microsoft Store, even if it's not UWP app. This will enable simple update path and trust for users when installing this application. With this way you don't even need to purchase expensive code signing certificate.

[authorisation]

store sucks ass

[Masamune3210]

Getting a code signing cert that Microsoft requires is not as simple as it should be

[rcmaehl]

Right now the installer is not signed and Windows/Edge/SmartScreen is proactively blocking it when it's downloaded.
One way how to solve this is obtaining code-signing certificate and signing the installer and the executable.

Alternatively it should be quite straightforward to publish the app into Microsoft Store, even if it's not UWP app. This will enable simple update path and trust for users when installing this application. With this way you don't even need to purchase expensive code signing certificate.

The cheapest SmartScreen bypassing certificates are $180/yr from Sectigo with 3 year agreement, I'm not poor but I'm hesitant to buy one when most people are running with regardless.

Azure is supposedly giving out free code signing certs soon, but I don't think that's out yet.

I'll look into the app store but appstore requirements are a PAIN

[rcmaehl]

Yeah still looks like the UWP requirements are 🤮.

My main concerns from 2018 haven't changed

• Your app always runs with elevated security privileges.
  RIP anything with #RequireAdmin

• Your app writes to the install directory for your app
  RIP anything written with a "portable" option

• Your app uses the Current Working Directory
  RIP anything with @WorkingDir

• Your app uses a dependency in the System32/SysWOW64 folder
  Uhhhh? DLLs?

[rcmaehl]

Also, not sure how well Microsoft would take to the app being on the store 😉

[micwoj92]

Should be able to code sign in GH workflow? But you still have to have cert first (i hope it is the same cetificate)
https://github.com/marketplace/actions/code-sign-a-file-with-pfx-certificate

[slim-python]

For those who are not able to download whynotwin11 tool, because windows defender or your browser is blocking it, try this fix
https://windowsground.com/download-whynotwin11-compatibility-checker-tool-to-check-if-you-can-upgrade-to-windows-11/

[TheDarkerPhantom]

For those who are not able to download whynotwin11 tool, because windows defender or your browser is blocking it, try this fix
https://windowsground.com/download-whynotwin11-compatibility-checker-tool-to-check-if-you-can-upgrade-to-windows-11/

You can report the download as safe (at least with Edge) and still download the file. If more people reported the file as safe, the reputation of the file would likely prevent the file from being blocked. It would still block you from running the application, but you can still run the application after you acknowledge the prompt.

[micwoj92]

@TheDarkerPhantom Could you test what happens with the whynotwin11.zip file from latest release? Is it also blocked from downloading?

[TheDarkerPhantom]

@TheDarkerPhantom Could you test what happens with the whynotwin11.zip file from the latest release? Is it also blocked from downloading?

Only the executable(s) from the releases are blocked by Microsoft Defender SmartScreen.

Here is information on that program. @rcmaehl can submit the files to Microsoft to get the file whitelisted as the developer here.