I contacted Microsoft about this issue and following is their answer:
Please note, Microsoft does NOT offer whitelisting for vendor’s products.

Reputation for products offered is established by how your download is used by 
the Internet Explorer, Edge and the SmartScreen® Service intelligence 
algorithms.  Downloads are assigned a reputation rating based on many criteria, 
such as download traffic, download history, past anti-virus results and URL 
reputation.  This reputation may be based on the downloaded program or can also 
be assigned to the publisher, based on digital certificate information.  
Downloads that are digitally signed allow a publisher’s reputation to be 
applied to all of their signed downloads.

All certificates, renewed as well as new, need to establish reputation. 
However, a renewed certificate, especially one that uses the same details as 
the old certificate, will gain reputation more quickly than a new one. Many 
signing certificates are valid for long periods, so certificate renewals are 
not typically very frequent.

While reputation is being gained, users are able to download and install your 
applications despite the message that the application is unrecognized. To do so:

   
   - Edge browser – View downloads -  access the Hub (Favorites, reading list, 
history and downloads), click Downloads and then right-click on the file listed 
and select Run anyway.   


   - IE browser -  View downloads and select Run under Actions for the listed 
downloaded file.   


Once the certificate has gained reputation, any applications signed with it 
will have the benefit of that reputation, so no warning will be shown to users 
downloading or installing the application. A certificate can be used to sign 
multiple applications. 

Another option you may want to explore is obtaining an EV Authenticode 
certificate. An application signed with an EV Authenticode certificate can 
immediately establish reputation with SmartScreen reputation services even if 
no prior reputation exists for that file or Authenticode certificate. EV code 
signing certificates are now being issued by Symantec, DigiCert, and GlobalSign.

The feedback tool for SmartScreen is still in place to report possible false 
warnings about phish or malware.  Those warnings include a link to a form to 
submit a report.

Application Reputation warnings are meant to inform end users when applications 
do not have known positive reputation. This doesn’t mean that the application 
is definitely malicious, only that is “unknown”.  In many cases, especially if 
a certificate has been renewed, reputation is gained very quickly, and don’t 
require any review or intervention.

Here are some references that may provide more information:

   
   - 
https://blogs.msdn.microsoft.com/ie/2011/03/22/smartscreen-application-reputation-building-reputation/
   


   - https://blog.digicert.com/ms-smartscreen-application-reputation/   


   - 
https://blogs.msdn.microsoft.com/ie/2011/05/17/smartscreen-application-reputation-in-ie9/
   


   - https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx.   


Sincerely, 

Microsoft Malware Protection Center

      De: Marcio Tibirica <marcio.tibir...@gmx.com>
 Para: zim-wiki@lists.launchpad.net 
 Enviadas: Terça-feira, 9 de Maio de 2017 0:15
 Assunto: Re: [Zim-wiki] Zim Desktop Wiki 0.66 for Windows is ready to download
   
Brendan,


I downloaded the installer file of desktop version and tested it for 
virus infection in two different ways.

The first test was a local scan using Windows Defender that is installed 
in my machine (Win10 32-bit).  The second test was an on-line scan with 
Kaspersky VirusDesk.

In both scans no trace of infection was found, but if I try to run the 
installer it is blocked by Windows Defender which informs the following:
Application: ZimDesktopWikiPortable_0.66.paf.exe
Supplier: Unknown Supplier

Maybe it is just a case of registering the software supplier in MS 
database? Or, maybe some information that must be embedded in the 
package? I don't know how this work.

Anyway, I have sent the suspicious installer file to the Kaspersky virus 
lab and they probably will be able to find any "harmful code", if any.

I'll keep you informed in case they send me an answer.

By the way, who is going to take over Windows package creation for next 
Zim release?

Regards,

mtibbi
===========

Em 08/05/2017 00:47, Brendan Kidwell escreveu:
> VirusTotal.com reports non-zero "probably harmless" scores for many of
> the dependencies of my Windows build process, even though I'm almost
> certain the sources of those dependencies are not tainted.
> VirusTotal.com reports that (as of today) Baidu and Bkav virus scanners
> find "harmful" code in these Zim installer. Other than abandoning all of
> my tools, I do not know how to move forward with this problem.
>
> Starting with this release I am no longer signing the installer
> packages, and while I believe they are free of harmful code, I can't
> promise that I am correct. You must make your own determination about
> whether you should use my packages or not.
>
> Special thanks to Stephen Dintaman for assistance with this build cycle.
>
> I have posted the Desktop and Portable installer packages, such as they
> are, on http://www.glump.net/software/zim-windows .
>
> The packages were built on a fresh Windows 7 64-bit virtual machine, and
> they should work on any 32-bit or 64-bit version of Windows that is
> still supported by Microsoft.
>
> Brendan Kidwell
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~zim-wiki
> Post to    : zim-wiki@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~zim-wiki
> More help  : https://help.launchpad.net/ListHelp
>

_______________________________________________
Mailing list: https://launchpad.net/~zim-wiki
Post to    : zim-wiki@lists.launchpad.net
Unsubscribe : https://launchpad.net/~zim-wiki
More help  : https://help.launchpad.net/ListHelp


   
_______________________________________________
Mailing list: https://launchpad.net/~zim-wiki
Post to     : zim-wiki@lists.launchpad.net
Unsubscribe : https://launchpad.net/~zim-wiki
More help   : https://help.launchpad.net/ListHelp

Reply via email to