Avoid Edge and Defender SmartScreen flagging as potentially unsafe?

This isn’t a huge deal, but 1) Edge gives a warning that the Avo2 installer “could harm your device” and asks if you want to keep it anyway; 2) when running the installer, Windows Defender initially blocks it as unrecognised and says running it might put your PC at risk, and the user has to click more info and then run anyway to run it.

This might look a little scary to a casual user, especially given that Avogadro is open source and thus not backed by any especially official-looking organisation. I wonder if it’s possible to do something to avoid anyone being scared off. Things like Firefox also receive the warning in Edge though :roll_eyes: so who knows how much can really be done.

Note that clicking “more info” in the Windows Defender message lists the app info as:
Application: Avogadro2-1.98.1-win64.exe
Publisher: Unknown publisher

I don’t know whether for example defining those fields better would help avoid the warning.

It requires getting a Windows signing certificate. Unfortunately, that runs at least $250 / year … up to around $500 / year. Manage code signing certificates - Windows drivers | Microsoft Learn

It would be nice, but at the moment … a little pricey.

At the moment, Windows defender will at least “learn” over time that a particular binary is okay once enough people install it.

Ha, ok. Pity, you’d think around 2 million installs would be enough :wink:

Remember that’s a certain number of installs for a particular binary (e.g., release build).

So it’d take a while for 1.98.1 to hit 2 million Windows installs.

For anyone finding this later, there’s an issue to track this - but basically it’s mostly $$