Submission for malware analysis

Ivan Molyavko 6 Reputation points
2021-12-09T12:59:38.763+00:00

We are developing a desktop application and signing it with a Microsoft certificate. However, Microsoft Defender SmartScreen displays a message that the application may be malicious and prevents it from running. We sent the application to malware analysis and it successfully passed it. However, we are constantly releasing updates, and new versions of the application cause malware notifications from Microsoft Defender SmartScreen. How can We avoid these messages appearing for new versions of our application? Is this even possible, or are we forced to check every version of the application by sending it to malware analysis? How long does the certificate's reputation take to establish?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,907 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Reza-Ameri 16,971 Reputation points
    2021-12-09T15:10:09.157+00:00

    SmartScreen filter is different from the Microsoft Defender Anti-Malware. I believe in your previous submission, it was okay, then you don't have to re-submit it. Submit the sample of the malware is when Microsoft Defender or other Microsoft Anti-Malware products, detects it as a malware and associate a name to it. However, the SmartScreen filter is based on many factors including reputation and when many users are downloading it, then it classifies as safe. In your case, I advise you to check with local Microsoft Office in your country. Make sure you re releasing the update through a safe method and trusted website.

    1 person found this answer helpful.

  2. Andrew Blumhardt 9,856 Reputation points Microsoft Employee
    2021-12-09T15:24:08.857+00:00

    Is this an internal or external application? If you are using Defender for Endpoint the certificate and file hash updates can be added as an indicator exclusion. I believe smart screen has a high trust level for apps on the Microsoft store. You might consider publishing external apps to the MS Store. https://developer.microsoft.com/en-us/microsoft-store/

    I assume you are using something like this for submission? https://www.microsoft.com/en-us/wdsi/filesubmission

    1 person found this answer helpful.

  3. Limitless Technology 39,611 Reputation points
    2021-12-09T18:46:53.243+00:00

    Hello @Ivan Molyavko

    Please check the next guides to certify your application with Microsoft.

    https://learn.microsoft.com/en-us/windows/win32/win_cert/windows-certification-portal

    Additionally, signing of drivers and applications for Windows 10 and later needs to be done using a SHAv2 certificate as SHAv1 is not anymore considered a secure signature by Microsoft.

    Hope this helps with your query,

    ------
    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.