Why dies SmartScreen still appear even though I have signed my project with a purchased Code Signing Certificate?

Robert Barnes 71 Reputation points

I have purchased a Code Signing Certificate from Sertigo, a Certification Authority. However when I download the application I still see the Smartscreen, and although More Info identifies the supplier (Jazz Software Ltd), the [Run Anyway] button appears, I can click it and the software downloads, and installs properly. From More Info, the certificate details can be displayed. Everything is OK except that I don't understand why the Smartsceen appears.

For another user (large company with stringent security settings) the [Run Anyway] button doesn't appear, and they can't download the software. Major problem.

I found this article which seems to have the answer

But the original article was written for Windows 8 in 2012, and perhaps things have changed in 10 years.

Question 1. Is it still necessary to use Signtool to explicitly sign the project, i.e. it is not sufficient to import a purchased Code Sharing Certificate by using Visual Studio opened on the signing page of the project, and using [Select from File]?

Your answer should be "No" because it's reasonable to think that you only need to use [Select from File], but from the results I get I'm assuming that your answer is "Yes"... so continuing on this assumption: -

Clearly #3, Pre Publish, is the way to go eventually, but since my practice is to publish locally and then use FTP to explicitly put this on the web site, I'll use #2, Signing the application executable post-build, at first.

I need to execute a command based on
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\signtool.exe" sign /f "$(ProjectDir)TestWin8CO_TemporaryKey.pfx" /p nightbird /v "$(ProjectDir)obj\x86\$(ConfigurationName)\$(TargetFileName)"

I'm using VS2019, and so I found SignTool at C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool

My project ($(ProjectDir) is

$(ConfigurationName) is Debug

$(TargetFileName) is Jazz.exe

Based on that, I think that (except for the password) the command will be

"C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\Signtool.exe " sign /f "C:\Users\Robertbw10\source\repos\Jazz\Jazz\jazz-software.pfx" /p xxxxx /v "C:\Users\Robertbw10\source\repos\Jazz\Jazz\obj\x86\Debug\Jazz.exe"

Question 2 Will you please confirm that this command looks reasonable given that these objects are what I find with File Explorer.

The referenced article continues
After you’ve created your version of the post-build command, you need to put it in the project properties. Double-click on Properties and click on the Build Events tab. Put your command in the Post-build event command line box.

I found Build Events as a button from the Compile tab of properties, I assume that this is a change from earlier Visual Studios, so I'll put the command there and rebuild the project if I get feedback that the answers to both Question 1 and 2 are "Yes".

Thank you for helping me, Robert.

An object-oriented programming language developed by Microsoft that is implemented on the .NET Framework. Previously known as Visual Basic .NET.
2,629 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Jiachen Li-MSFT 27,581 Reputation points Microsoft Vendor

    Hi @Robert Barnes ,
    Have you tried the method in the link you provided?
    The responses in the link below may explain the situation.
    Best Regards.
    Jiachen Li


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments