Unsigned software

Moderator: AdminGroup

Post Reply
zim55533
Posts: 10
Joined: Sat Feb 12, 2022 3:07
Has thanked: 1 time

Unsigned software

Postby zim55533 » Sat Feb 12, 2022 3:15

Are there any plans of signing the executables you provide on your downloads page? Or at least to provide file hashes to verify you've downloaded untampered, official software?
Top
User avatar
fallout9
Posts: 5461
Joined: Wed Oct 03, 2018 20:37
Has thanked: 222 times
Been thanked: 1268 times

Re: Unsigned software

Postby fallout9 » Sat Feb 12, 2022 3:24

We will definitely inform the developer about it.
Top
zim55533
Posts: 10
Joined: Sat Feb 12, 2022 3:07
Has thanked: 1 time

Re: Unsigned software

Postby zim55533 » Sat Feb 12, 2022 13:18

Great, thanks! :D
Top
zim55533
Posts: 10
Joined: Sat Feb 12, 2022 3:07
Has thanked: 1 time

Re: Unsigned software

Postby zim55533 » Wed Feb 23, 2022 20:00

fallout9 wrote:We will definitely inform the developer about it.

I just wanted to add that vkbdevcfg-c.exe & zbootloader2.exe gets caught up in Windows Defender SmartScreen. I submitted false positive reports for the current versions of both of them, but this is what the analyst at Microsoft said that you might want to forward as well:
The warning you experienced indicates that the application had not established reputation with the Microsoft Defender SmartScreen Application Reputation feature at that time. We can confirm that the application vkbdevcfg-c.exe(sha256 –38a78d8bd4999649ae87e175ad1e429cce9239780dec897bf7f86d6aa02d4272) has since established reputation and attempting to download or run the application should no longer show any warnings.
Please note, however, that the submitted files are not signed using a valid digital certificate. Unsigned files will have to establish reputation each time a new version is released.
Application Reputation warnings are meant to indicate when applications do not have known positive reputation. This doesn’t mean that the application is malicious, only that it is “unknown.” Users can still proceed to download and run the application. If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate.
A valid EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists. In order to be considered a valid EV certificate, the certificate must be issued by a Certificate Authority that is authorized by the Microsoft Trusted Root Certificate Program and recognized as an Extended Validation issuer.

Thank you for contacting Microsoft.

And then the same message but for zbootloader2.exe(sha256 –adecff4aeefe7f0f988d95082c730a4213bb34e39b96f079c161321c214aba92).
Top
Post Reply

Return to “Technical Support”

Who is online

Users browsing this forum: No registered users and 17 guests