FILE is not commonly downloaded and could harm your computer: What does it Mean?

File is Not Commonly Downloaded Error

Decoding the “FILE is not commonly downloaded and could harm your computer” message

Today, staying safe in this digital world is nothing less than an achievement. However, people are always at risk of encountering a malicious website or software containing viruses on the Internet. When they download these files, the system shows a warning message which goes something like this:

FILE is not commonly downloaded and could harm your computer.”

One of the most common ways in which a hacker or any third party gets access to your confidential information is by feeding malware in files that people usually download. Developers who don’t have an idea about Code Signing Certificates might have to suffer as their end-users might not trust their software.

Before we start with the benefits offered by the certificate, we must talk about the warning message, SmartScreen, and everything in between.

While trying to download or run a particular software, all Internet Explorer 8 or Windows 8 users sometimes encounter warning messages. Usually, it says, “the file is not commonly downloaded and could harm your computer,” but sometimes it also shows, “running this application can put your PC at risk.” A tool that goes by the name of SmartScreen Filter sends these warning messages. But why does it do it?

What are Windows Error Messages through SmartScreen Filter?

Every download done by a Microsoft Edge web browser or Internet Explorer user goes through a scan conducted by Microsoft SmartScreen features. The SmartScreen acts as the first line of defense in terms of file downloads, thereby attempting to eliminate malicious software or files before landing on the user’s system. So when it encounters a file without any digital signature or a corrupt file, it displays a warning message.

Oftentimes, the desktop version of Internet Explorer shows messages like “this program is not commonly downloaded and could be dangerous for your computer” when a user tries to download a program. The message looks something like this:

This is a good thing until and unless you plan to release an upgraded version of your software and sign it with the latest Code Signing Certificate. We will come to that, but let us see what a Windows SmartScreen is, after all.

What is Windows SmartScreen Filter?

Along with Internet Explorer 8, Windows SmartScreen is a security-enhancing feature. So when a user downloads software that many people in the past have already downloaded is considered safe.  The feature allows the file to be downloaded without causing any problem or sending a warning. However, suppose a file has not seen a significant number of files or has an unknown publisher. In that case, the users are usually shown a warning message by the feature under the pretext of ‘uncertainty.’

Apart from this, the Windows SmartScreen Filters employ a regularly updated list from a website to keep a constant track of all the websites the users visit. The website with the list keeps a record of all the distribution of malicious software or electronic fraud so that the feature can verify it and save the users from getting preyed upon. When a user tries to visit a website that has been listed, the feature sends a warning message, stating that the particular site is blocked for security reasons.

The same happens when a user attempts to download malicious files from the Internet. Though it can be quite irritating to download a file that is not as popular and is often taken as a threat to the machine, it is always better to prevent it.

Always remember, prevention is better than cure.

So as a developer, what can you do for your users? The simple answer is code signing your software or file. Let us talk about it:

What is Code Signing Certificate, and What is its Relevance?

A Code Signing Certificate is a certificate that contains the digital signature of the publisher of a software/application/executable file, thereby indicating that it is safe, reliable and trustworthy. It helps software developers or code publishers like you win the trust of operating systems, browsers, and finally, the users, thanks to the digital signature of the firmware or software.

The key takeaway of digital signatures is that they make it convenient for the end-user to know:

  • The verified identity of the software publisher
  • If the software has not been tampered with since its creation

The digital signature can be considered proof that the device’s OS or browser can recognize when an executable file has been tampered with since its creation. So when a cybercriminal or hacker tries to intercept and alter the code of a digitally-signed software or application, the user’s operating system instantly recognizes that something is wrong, doesn’t let the application run, and displays an unknown publisher security warning.

So the next question would naturally be, how does its presence help in getting rid of that warning message? Let us clear the air around it:

How does Code Signing Certificate Relate to SmartScreen?

When a software/application/executable file is signed with a code signing cert, it gets an instant reputation with SmartScreen. This is because, with a code signing certificate, the SmartScreen identifies the software. Having said that, this certificate alone does not guarantee that the users won’t see the warning again. Yes, you read that right!

However, the digital signature with some time will ensure that the users don’t see the warning. It disappears until you, as a publisher, sign all your software to stay identified as the code publisher.

Note: A software file won’t get instant reputation in case of OV Code signing certificate.

Concluding lines

As we already said, just a code signing certificate will not offer any guarantee that SmartScreen will not flag your software. However, digital signing ensures that your application/software/code’s reputation is recognized for everything you sign. It means that when you come up with upgraded versions of the software, your SmartScreen reputation is maintained, and you don’t have to start from scratch. The entire process is designed to discourage Edge users from downloading malicious or flagged files.

If you want to get Code Signing Certificates for your software from trusted CAs like Comodo and Sectigo without paying too much, SignMyCode is your one-stop solution.

We offer instant validation and issuance by Pro Code Signing Experts and help you improve the trust and confidence of your users. At SignMyCode, we offer all types of Code Signing Certificates. So what are you waiting for? Protect your software using a code signing certificate and give a boost to your virtual reputation.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.