Conversation

Starsector 0.95a is out! Complete story missions, make playstyle-altering choices using a revamped skill system, and discover unique ships and technology! Please RT! fractalsoftworks.com/2021/03/26/sta

GIF

113

781

1,470

Replying to

and

hi, is it expected to be blocked by Microsoft Defender SmartScreen?

Replying to

and

That's been known to cause problems, yeah.

Replying to

and

you peeps tried reaching for

@msftsecresponse

for information about why is it being identified as malicious?

Replying to

and

I tried uploading it to their web-thing so it could be examined in detail and verified but the installer was too large for it, apparently... some AV always false-positives it, it seems like.

Replying to

and

weird as hell that it never showed me the name of the threat detected, and now it's not showing in history so I can try to submit as a customer...

Replying to

and

Yeah, it's odd. I remember for the last release smartscreen would just take like 15+ minutes to scan the download, so most people thought the download had failed.

Replying to

The executables aren't signed which is probably the main issue. They want executables to be signed with Extended Validation (EV) code signing certificates. It will get rid of the unknown publisher warning and over time I guess their AV will also start trusting you as a publisher.

8:06 PM · Mar 26, 2021Twitter Web App

Replying to

that actually makes sense. Unsigned executables are a major source of malware spread...

Replying to

Yeah, I think the solution is getting an OV code signing certificate which is probably ~$70-100/year. I don't know the cheapest option. An EV certificate appears to start out as reputable but costs ~$200-300/year and the EV verification process likely involves further costs too.

Replying to

Can also use OV code signing instead of EV (cheaper) but it will take longer for the executables to be trusted. A self-signed certificate may be better than nothing. It's possible that it will help the reputation of the previous releases transfer over to the current ones.

Replying to

It sounds like an EV code signing certificate will outright get rid of the warnings. An OV code signing certificate is a lot cheaper and it won't be marked as from an unknown publisher but there will likely still be warnings. It would presumably get better over time though.