
Code Signing FAH executable before building Windows installer #62

Open
Hou5e opened this issue Dec 22, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@Hou5e (Contributor) commented Dec 22, 2022

Enhancement: All the executable files distributed in the installer should be signed with the code-signing certificate as part of the build process for Windows.

This will prevent Anti-virus & Anti-malware software from potentially flagging the executable files as malicious. It also allows the programs to be verified by the user for not having been modified or tampered with.
(copy from: FoldingAtHome/fah-client-win-installer#16)
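The request above is for signing to be a build step rather than a manual action. The following is an added example of what that step looks like, written for this page and not taken from the Folding@home project's build scripts: it signs every executable and DLL in the unpacked installer payload with signtool from the Windows SDK, timestamps each signature, and fails the build if any file does not verify. The staging path, the certificate thumbprint and the timestamp server URL are placeholders to be replaced with the project's own.

```powershell
# Added example (not the FAH project's own build script): sign every PE file in a
# staging directory before the installer is built, then refuse to continue unless
# each one verifies. StageDir, Thumbprint and TimestampUrl are assumed placeholders.
param(
    [string]$StageDir     = "$PSScriptRoot\build\stage",                  # assumed: unpacked installer payload
    [string]$Thumbprint   = "0000000000000000000000000000000000000000",   # assumed: SHA-1 thumbprint of the code-signing cert in Cert:\CurrentUser\My
    [string]$TimestampUrl = "http://timestamp.digicert.com",              # assumed RFC 3161 TSA; any trusted TSA works
    [string]$SignTool     = "signtool.exe"                                # from the Windows SDK; must be on PATH
)

$ErrorActionPreference = 'Stop'

# Everything Windows will load as code. Sign these *before* the installer is
# built so the installer wraps already-signed payload; sign the installer itself
# afterwards with the same command.
$targets = Get-ChildItem -Path $StageDir -Recurse -Include *.exe, *.dll -File
if (-not $targets) { throw "No signable files under $StageDir" }

foreach ($f in $targets) {
    # /fd SHA256: file digest (SHA-1 digests are no longer accepted by Windows)
    # /tr + /td: RFC 3161 timestamp so the signature stays valid after the cert expires
    & $SignTool sign /fd SHA256 /sha1 $Thumbprint /tr $TimestampUrl /td SHA256 /d "Folding@home client" $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool failed on $($f.FullName)" }
}

# Verification pass: the build fails on the first file that is unsigned,
# tampered (HashMismatch) or chains to a certificate this machine does not trust.
$bad = foreach ($f in $targets) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ File = $f.FullName; Status = $sig.Status; Message = $sig.StatusMessage }
    }
}
if ($bad) {
    $bad | Format-Table -AutoSize | Out-String | Write-Host
    throw "$($bad.Count) file(s) did not verify; aborting installer build"
}

# Cross-check with signtool itself: /pa applies the default Authenticode policy,
# /v prints the signer and timestamp chain, which is useful in CI logs.
foreach ($f in $targets) {
    & $SignTool verify /pa /v $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed on $($f.FullName)" }
}
Write-Host "Signed and verified $($targets.Count) file(s); build the installer now, then sign the installer .exe the same way."
```

Running the verification pass on the build machine rather than trusting signtool's exit code alone catches the common failure where signing succeeds but the chain does not validate (for example a missing intermediate certificate), which is exactly the state that makes Defender and other AV engines treat the file as unsigned.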

@Hou5e (Contributor, Author) commented Dec 22, 2022

I excluded v8 FAH Client's path from Avira anti-virus after the first few installs of v8.1.3, when it started to trigger the AV (PUA threat heuristic). I'm not sure how common that will be for other people.

@Hou5e Hou5e changed the title Code Signing executable FAH programs before building installer Code Signing FAH executable before building Windows installer Dec 22, 2022
@jcoffland jcoffland added the enhancement New feature or request label Jan 4, 2023
@hc970 commented May 6, 2023

> Enhancement: All the executable files distributed in the installer should be signed with the code-signing certificate as part of the build process for Windows.
>
> This will prevent Anti-virus & Anti-malware software from potentially flagging the executable files as malicious. It also allows the programs to be verified by the user for not having been modified or tampered with. (copy from: FoldingAtHome/fah-client-win-installer#16)

Agreed. I would almost go as far as stating this as an essential requirement now. I recently installed a piece of paid-for software and it wasn't signed. The installer was initially blocked. Once installed, Windows Defender on Windows 11 blocked its use and quarantined the now-installed files. They weren't malware, just unsigned, very new and not often used.

Another AV vendor on my other system did likewise for the same software. I had to un-quarantine the software and make exceptions for it on both systems to resolve the issue. A non-technical user would not be able to use the software in this case.

Please also consider meeting the stricter Authenticode guidelines set by Microsoft:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

https://learn.microsoft.com/en-us/security/trusted-root/program-requirements

Thank you.
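The stricter verification referenced above (CVE-2013-3900 / MS13-098) concerns the PE attribute certificate table: the Authenticode hash skips that table, so bytes placed inside a WIN_CERTIFICATE entry after the end of the PKCS#7 SignedData blob do not invalidate the signature, and the opt-in strict check makes Windows reject files that carry such data beyond 8-byte alignment padding. The following is an added example, written for this page and not part of the Folding@home project, that locates that slack directly from the PE layout so a release build can be checked for it, and shows the registry values from the advisory that turn the strict verification on so that Get-AuthenticodeSignature applies it. File paths in the usage comments are placeholders.

```powershell
# Added example, not the FAH project's own code: find unsigned slack inside the
# PE certificate table (the condition CVE-2013-3900's strict check rejects) and
# enable that strict check. Paths in the usage comments are placeholders.

function Get-AuthenticodeSlack {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "$Path is not a PE file (no MZ header)" }

    $peOff = [BitConverter]::ToInt32($b, 0x3C)                        # e_lfanew
    if ([BitConverter]::ToUInt32($b, $peOff) -ne 0x00004550) { throw "$Path has no PE\0\0 signature" }

    $optOff = $peOff + 24                                             # 4-byte signature + 20-byte COFF header
    $magic  = [BitConverter]::ToUInt16($b, $optOff)
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+;
    # the attribute certificate table is directory entry 4, 8 bytes per entry.
    $dirBase = switch ($magic) { 0x10B { 96 } 0x20B { 112 } default { throw ("unknown optional header magic 0x{0:X}" -f $magic) } }
    $secOff  = [BitConverter]::ToUInt32($b, $optOff + $dirBase + 4*8)  # for this entry a file offset, not an RVA
    $secSize = [BitConverter]::ToUInt32($b, $optOff + $dirBase + 4*8 + 4)

    if ($secSize -eq 0) {
        return [pscustomobject]@{ File = $Path; Signed = $false; Entries = 0; SlackBytes = 0; NonZeroSlack = 0 }
    }

    $pos = [int]$secOff; $end = [int]($secOff + $secSize)
    $entries = 0; $slack = 0; $nonZero = 0
    while ($pos + 8 -le $end) {
        $dwLength = [BitConverter]::ToUInt32($b, $pos)                # WIN_CERTIFICATE.dwLength, includes the 8-byte header
        $certType = [BitConverter]::ToUInt16($b, $pos + 6)            # 0x0002 = WIN_CERT_TYPE_PKCS_SIGNED_DATA
        if ($dwLength -lt 8 -or $pos + $dwLength -gt $end) { throw ("corrupt WIN_CERTIFICATE at 0x{0:X}" -f $pos) }
        $entries++
        if ($certType -eq 2) {
            # The blob is DER: 0x30 SEQUENCE followed by a length; compute where SignedData really ends.
            $der = $pos + 8
            if ($b[$der] -ne 0x30) { throw ("entry at 0x{0:X} is not a DER SEQUENCE" -f $pos) }
            $l = $b[$der + 1]
            if ($l -lt 0x80) { $hdr = 2; $len = [int]$l }
            else {
                $n = $l -band 0x7F; $len = 0
                for ($i = 0; $i -lt $n; $i++) { $len = ($len -shl 8) -bor $b[$der + 2 + $i] }
                $hdr = 2 + $n
            }
            $derEnd = $der + $hdr + $len
            # Bytes between the end of the DER and the end of the entry are not covered by
            # the signature. Up to 7 bytes of alignment padding is normal; a larger run, or
            # (assumption made here) non-zero padding, is the extraneous data the strict check rejects.
            for ($i = $derEnd; $i -lt $pos + $dwLength; $i++) { $slack++; if ($b[$i] -ne 0) { $nonZero++ } }
        }
        $pos += [int](($dwLength + 7) -band -bnot 7)                   # entries are 8-byte aligned
    }
    [pscustomobject]@{ File = $Path; Signed = $true; Entries = $entries; SlackBytes = $slack; NonZeroSlack = $nonZero }
}

# Turn on the strict verification from the MS13-098 advisory (machine-wide, needs admin).
# With these set, Get-AuthenticodeSignature / WinVerifyTrust report such files as invalid,
# so run release verification on a machine configured this way.
function Enable-StrictAuthenticodeCheck {
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config') {
        New-Item -Path $k -Force | Out-Null
        New-ItemProperty -Path $k -Name EnableCertPaddingCheck -Value '1' -PropertyType String -Force | Out-Null
    }
}

# Usage (paths are placeholders):
#   Get-AuthenticodeSlack 'C:\build\stage\fah-client.exe'
#   Enable-StrictAuthenticodeCheck; Get-AuthenticodeSignature 'C:\build\stage\fah-client.exe'
```

A release-quality binary reports SlackBytes of at most 7, NonZeroSlack of 0, and Status Valid under the strict check. Because the strict setting is opt-in on the user's machine, a file that passes only the default verification can still be flagged on hardened hosts, which is why the check belongs in the build rather than being left to whichever machine does the final test install.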
