How to Bypass the SmartScreen When Installing a Signed Application on Windows 8?

With the growing use of software and the Windows OS in every industry, Microsoft has strengthened security by introducing Defender SmartScreen. It’s an advanced security mechanism that stops users from running malicious applications and other executable files.

However, it sometimes flags signed applications as coming from unauthorized developers or publishers. When that happens, the publisher’s reputation and ranking fall across digital platforms. This article covers the factors behind the issue, along with approaches for getting a signed application past SmartScreen.

You will find all the information below. So, let’s start.

What is Windows Defender SmartScreen?

The latest Windows updates include a mechanism known as Defender SmartScreen. It is a built-in filtering utility that screens out malicious executable files and applications.

Its primary purpose is to warn users about software coming from unauthorized publishers. Before the system begins any software installation, Windows Defender SmartScreen validates the software’s Code Signing Certificate. Installation begins only if it finds the certificate authentic. Otherwise, the end-user encounters a warning message.

The Reasons Behind SmartScreen Warning While Installing a Signed Application

There can be other reasons behind Windows Defender SmartScreen showing warnings for signed applications, but the following three are the primary ones.

Using a Self-Signed Certificate

When software publishers release applications with self-signed code signing certificates, the probability of facing warnings is very high. Operating systems only recognize top certificate authorities and their root certificates, so self-signed applications can be expected to meet SmartScreen warnings.

In addition, if you use an Individual Validated or Organizational Validated certificate, there is still a chance of facing alerts.

CA Details Are Not in the Built-in Database

While searching the internet, I found numerous certificate authorities offering digital solutions, such as Comodo, Certera, Sectigo, and DigiCert. However, by default, only a few are recognized as legitimate by the operating systems. When you sign your software with a certificate from a not-so-recognizable CA, your users can face warnings from SmartScreen.

Expired Certificate and No Timestamp

When you sign your software, you must always timestamp it to prevent warnings after certificate expiration. If your certificate expires and there’s no timestamp, the SmartScreen filter will treat the software as coming from an unauthorized publisher. Alerts will then be displayed on the screen, and the user will lose trust in your brand name.
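The three causes above (self-signed certificate, CA not in the built-in trust store, expired certificate with no timestamp) can be checked on a build before release. The following PowerShell is an added example, not part of the original article; `Test-SigningPosture` and `.\MyInstaller.exe` are hypothetical names, and revocation checking is deliberately skipped.

```powershell
# Added example: report which of the three warning causes apply to a signed file.
# Test-SigningPosture is a hypothetical helper name, not a built-in cmdlet.
function Test-SigningPosture {
    param(
        [Parameter(Mandatory)][string]$Path,
        [datetime]$Now = (Get-Date)
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) {
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Findings = @('File is not signed') }
    }

    $findings = @()

    # Cause 1: self-signed certificate (subject and issuer are the same entity).
    if ($cert.Subject -eq $cert.Issuer) {
        $findings += 'Signer certificate is self-signed'
    }

    # Cause 2: the issuing CA does not chain to a root in the local trust store.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check only
    [void]$chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    if ($flags -contains 'UntrustedRoot' -or $flags -contains 'PartialChain') {
        $findings += 'Certificate chain does not end in a trusted root CA'
    }

    # Cause 3: no timestamp, so validity ends with the certificate.
    if ($null -eq $sig.TimeStamperCertificate) {
        if ($cert.NotAfter -lt $Now) {
            $findings += 'Certificate expired and signature has no timestamp'
        } else {
            $findings += "No timestamp: signature is only valid until $($cert.NotAfter.ToString('u'))"
        }
    }

    [pscustomobject]@{ Path = $Path; Status = $sig.Status; Findings = $findings }
}

# Usage (hypothetical file name): an empty Findings list means none of the three causes apply.
# Test-SigningPosture -Path '.\MyInstaller.exe' | Format-List
```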

Approaches to Bypass SmartScreen While Installing a Signed Application

Most websites present turning off SmartScreen as the primary way to bypass it. However, you can’t tell all of your customers to do so. Instead, you should implement the following best practices to keep your users from facing warnings and alerts with signed applications.

Utilization of EV Code Signing Certificate

An Extended Validation (EV) code signing certificate is the most appropriate approach to remove SmartScreen warnings from any Windows OS version. However, you should always use an EV Certificate from a reliable certificate authority.

It will assuredly give your brand instant recognition as legitimate, because the CA’s details are present in the databases by default.

In addition, you will get the benefit of:

  • Complete removal of SmartScreen warnings
  • Additional security of the private key through a FIPS-140 aligned hardware token
  • Timestamping functionality to make your software valid for an unlimited time

Signing Software using Microsoft Authenticode Code Signing Certificate

You can also use a Microsoft Authenticode Code Signing Certificate as your code signing certificate. But remember, you must select the EV Authenticode Certificate to eliminate SmartScreen warning messages.

The Authenticode Code Signing Certificate is particularly useful for tamper-proofing Windows-based executable files. It is consistently recognized by the advanced filtering mechanism installed in the Windows operating system. Moreover, using the EV or Authenticode Certificate will make you eligible to host your software on the Microsoft Online Store.

Besides, security professionals also consider utilizing EV and Authenticode certificates to be one of the best methods to bypass SmartScreen warnings.

Distributing applications through Microsoft Online Store

Microsoft allows only authentic and accurately signed applications to be listed on its online store, and SmartScreen doesn’t show any warning when an end-user downloads and installs software from the store.

If you want your own software to bypass the SmartScreen filter in the same way, you can distribute it through the online store.

By hosting it on the Microsoft store, you will benefit from the following:

  • Your customers will not face warnings for your software
  • Your software’s legitimacy will start to grow organically
  • Your Windows-based stakeholders will easily find your application
  • User trust and brand reputation will rapidly grow
  • You will get aligned with Microsoft store standards, making it seamless to list more applications in the future

Perform WACK Validation

Running the Windows App Certification Kit and uploading its report to the specified portal will help bypass SmartScreen alerts. While the kit runs, your software is tested against multiple standards pre-defined by Microsoft.

If your software passes the checks, Windows will consider it authentic and non-malicious, so no SmartScreen warning messages appear.

You will also find the Windows App Certification Kit (WACK) under the Windows SDK. Once the WACK starts, it will provide you with the following four options:

  • Validate Windows Store App
  • Validate Windows Phone App
  • Validate Desktop App
  • Validate Desktop Device App

You must select the option according to your requirements and follow the steps defined by the WACK software. The last stage of the WACK test will provide the results and the link where you have to submit the result report.

Once Microsoft completes processing your report, SmartScreen will recognize your application as legitimate. Therefore, end-users will never face SmartScreen warning messages when installing it.

Conclusion

Windows SmartScreen is a well-established security mechanism that blocks the installation of unauthorized applications. Using a Code Signing Certificate that is self-signed, expired, or issued by an unreliable CA is the primary reason behind warnings for signed applications.

By following the approaches defined above, your software can bypass SmartScreen for signed applications.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.