Windows 8 smart screen does not allow signed clickonce application

2
votes

I have a clickonce application that user installs for offline/online use. I am trying to make it trusted so users do not see the smart screen dialog. Here's what I have done so far

  1. Got a code signing certificate from godaddy
  2. Installed it on the machine that sent the request in User's personal store.

  3. Exported the certificate With private key (exported as PKCS #12 with options included all certificates in the path and Export all extended properties)

  4. In Visual studio, opened signing tab on the exe project. Selected certificate file. Signed Manifest. Used http://tsa.starfieldtech.com for timestamp url. Also checked Sign this assembly)

  5. Published the project that creates the setup.

Now when I try to install the application, the smart screen filter still shows up. I checked properties for setup.exe and digital signatures tab shows my certifcate with sha256 algorithm.

Any one has any experience applying certificate, specifically GoDaddy cert? Any help would be much appreciated

3
clickoncetrusted
@rayhowie. Thanks for editing the question.user559788

3 Answers

3
votes

Add the website you are installing from to the client's list of IE's trusted websites (or ask the user to do so if you don't have access to the client).

How to define a trusted site (microsoft.com)

This worked for me on Win 10 with an unsigned click once application.

If you have access to the clients and want to install it many times, consider automating the process:

How to define a trusted site programmatically (stackoverflow.com)

1
votes

After a bit of research, found out IE marks the downloaded exe as harmful if it is a newer application on the web, does not matter if the application is signed. There is some sort of reputation that needs to be built overtime. See this link https://social.msdn.microsoft.com/Forums/ie/en-US/a252672b-c72a-4d98-a3c0-5929fdc446a2/-not-commonly-downloaded-may-harm-your-computer-message-with-ie-when-my-installer-is?forum=iewebdevelopment

I am going to try to get my application Windows certified from MS. Hopefully that would help bypass the Smart screen filter.

1
votes

For my ClickOnce application, clicking "more info" and choosing the then emerging button "Run anyaway" solved my problem on the user's computer. Windows Smartscreen did no longer block the application afterwards.

My ClickOnce is installed from a network drive and once installed started like an app from the startmenu/search/pinned location on the taskbar.