Code Signing FAH executable before building Windows installer #62
Comments
I excluded v8 FAH Client's path from Avira anti-virus after the first few installs of v8.1.3, when it started to trigger the AV (PUA threat heuristic). I'm not sure how common that will be for other people.
Agreed. I would almost go as far as stating this as an essential requirement now. I recently installed a piece of paid-for software and it wasn't signed. The installer was initially blocked. Once installed, Windows Defender on Windows 11 blocked its use and quarantined the now installed files. They weren't malware, just unsigned, very new and not often used. Another AV vendor on my other system did likewise for the same software. I had to un-quarantine the software and make exceptions for it on both systems to resolve the issue. A non-technical user would not be able to use the software in this case. Please also consider meeting the stricter Authenticode guidelines set by Microsoft: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 https://learn.microsoft.com/en-us/security/trusted-root/program-requirements Thank you.
Enhancement: All the executable files distributed in the installer should be signed with the code-signing certificate as part of the build process for Windows.
This will prevent Anti-virus & Anti-malware software from potentially flagging the executable files as malicious. It also allows the programs to be verified by the user for not having been modified or tampered with.
(copy from: FoldingAtHome/fah-client-win-installer#16)
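
One way to enforce the request above in a Windows build is a gate that runs after signing and before the installer is assembled. This is an added example, not code from the FAH project; the staging path, the extension list and the script parameters are assumptions.

```powershell
# Pre-packaging gate (added example): fail the build if any binary staged for
# the installer lacks a valid, timestamped Authenticode signature.
# $StagingDir is a hypothetical path; point it at the directory the installer
# is built from. $Extensions is an assumed list of file types to check.
param(
    [string]$StagingDir = '.\build\stage',
    [string[]]$Extensions = @('.exe', '.dll', '.msi')
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Collect every candidate binary under the staging directory.
$files = @(Get-ChildItem -LiteralPath $StagingDir -Recurse -File |
    Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() })

# An empty set usually means a wrong path, so treat it as a failure.
if ($files.Count -eq 0) {
    throw "No binaries found under $StagingDir; refusing to pass an empty set."
}

$failures = @(foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $problem = $null
    if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch (modified after signing), NotTrusted, etc.
        $problem = "status $($sig.Status)"
    } elseif (-not $sig.TimeStamperCertificate) {
        # Without a timestamp the signature stops validating when the cert expires.
        $problem = 'signed but not timestamped'
    }
    if ($problem) {
        [pscustomobject]@{ File = $file.FullName; Problem = $problem }
    }
})

if ($failures.Count -gt 0) {
    $failures | Format-Table -AutoSize | Out-String | Write-Host
    throw "$($failures.Count) file(s) failed the signature check."
}
Write-Host "All $($files.Count) binaries carry a valid, timestamped signature."
```

A `Valid` status depends on the build machine trusting the signing certificate's chain, so run the gate on a host with the same root store an end user would have.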