Trusted Signing: Regression in SmartScreen reputation following transition to "Microsoft ID Verified CS EOC CA 03"

Question

Issue: Since approximately April 1st, 2026, all binaries signed via Azure Trusted Signing for our company (PrestoSoft LLC) are triggering Windows SmartScreen "Unrecognized App" warnings. Previously, with the exact same workflow and account, files had established reputation and no warnings.

Technical Observation: We have identified that the regression coincided with the service shifting our signing chain to a new Intermediate CA.

Current (Failing) Intermediate CA: Microsoft ID Verified CS EOC CA 03 (SHA1: C1E16A2011AA98EAA598F759A13BDA2E742D8881)

Previous (Working) Intermediate CA: [Mention CA 01 or 02 if you have old logs, otherwise leave this line out]

Verification Status: signtool verify /pa /v returns "Successfully verified" with 0 errors and 0 warnings. The chain is valid and the timestamp is correct.

Impact: Our users are being blocked from running our software (ExamDiff Pro). This appears to be a backend synchronization issue between the new Trusted Signing Intermediate CAs and the SmartScreen reputation database.

GitHub Issue Reference: https://github.com/Azure/artifact-signing-action/issues/128

Can the product team confirm if the reputation-matching logic for the "EOC CA 03" branch is fully propagated to the SmartScreen service?

Answer 1

You should not see the messages anymore.