SmartScreen阻止应用启动 [英] SmartScreen prevented app from starting
问题描述
您好,
我正在部署ClickOnce 自定义构建脚本(Publish.tragets)的应用程序,它负责签署部署目标
并将它们上传到FTP服务器。客户端可以通过URL下载和安装应用程序,例如:http://mysite/myapp.application。之后,应用程序尝试运行,但正在显示SmartScreen对话框。应用程序名称和发布者名称有效。
我可以看到应用程序和可执行文件都使用EV证书(SHA2)正确签名
签名过程在编译应用程序后运行。代码对此负责:
< Exec Command ="& quot; $(WindowsKitPath)signtool.exe& quot; sign / f& quot; $(ProjectDir)cert.p12& quot; / tr& quot; http://sha256timestamp.ws.symantec.com/sha256/timestamp& quot; / p& quot; ************& quot; &安培; QUOT; $(文件路径)\ $(AppName的).EXE&安培; QUOT;" />
< SignFile
CertificateThumbprint =" *******************************"
SigningTarget =" $(FilePath)\ $(AppName).exe" />
< Exec Command ="& quot; $(ProjectDir).. \ Lib \ image.exe& quot; -New Application -ToFile& quot; $(PublishPath)Application Files \ $(AppName)_ $(Major)_ $(Minor)_ $(Build)_ $(Revision)\ $(AppName).exe。清单&安培; QUOT; -Name" quot; $(AppName)& quot; -TrustLevel& quot; FullTrust& quot; -um& quot; true& quot; -v& quot; $(FullVersion)& quot; -a& quot; sha256RSA& quot; -IconFile& quot; icon.ico& quot; -FromDirectory& quot; $(FilePath)& quot; -Publisher& quot; $(PublisherName)& quot; -TimestampUri& quot; http://sha256timestamp.ws.symantec.com/sha256/timestamp& quot;" />
< Exec Command ="& quot; $(ProjectDir).. \ Lib \ image.exe& quot; -Sign& quot; $(PublishPath)Application Files \ $(AppName)_ $(Major)_ $(Minor)_ $(Build)_ $(Revision)\ $(AppName).exe.manifest& quot ; -CertFile& quot; $(ProjectDir)cert.p12& quot; -Password& quot; **********& quot;" />
< SignFile
CertificateThumbprint =" **********************"
SigningTarget =" $(PublishPath)Application Files \ $(AppName)_ $(Major)_ $(Minor)_ $(Build)_ $(Revision)\ $(AppName).exe.manifest" ; />
< GenerateDeploymentManifest
AssemblyName =" $(AppName).application"
Product =" $(AppName)"
Install =" $(Install)"
UpdateEnabled =" $(UpdateEnabled)"
UpdateMode =" $(UpdateMode)"
UpdateInterval =" $(UpdateInterval)"
UpdateUnit =" $(UpdateIntervalUnits)"
DeploymentUrl =" $(InstallUrl)"
CreateDesktopShortcut =" false"
MapFileExtensions =" $(MapFileExtensions)"
Publisher =" $(PublisherName)"
SupportUrl =" $(SupportUrl)"
SuiteName =" $(SuiteName)"
OutputManifest =" $(PublishPath)$(AppName).application"
TargetFrameworkVersion =" 4.0"
TargetFrameworkMoniker =" .NETFramework,Version = v4.0"
EntryPoint =" $(EntryPoint)" />
< Exec Command ="& quot; $(ProjectDir).. \ Lib \ image.exe& quot; -Update& quot; $(PublishPath)$(AppName).application& quot; -Name" quot; $(AppName)& quot; -v& quot; $(FullVersion)& quot; -AppManifest& quot; $(PublishPath)Application Files \ $(AppName)_ $(Major)_ $(Minor)_ $(Build)_ $(Revision)\ $(AppName).exe.manifest& quot ; -appc& quot; Application Files \ $(AppName)_ $(Major)_ $(Minor)_ $(Build)_ $(Revision)\ $(AppName).exe.manifest& quot; -IncludeProviderURL& quot; true& quot; -ProviderURL& quot; $(InstallUrl)& quot; -um& quot; true& quot; -Install& quot; true& quot; -Publisher& quot; $(PublisherName)& quot; -s& quot; $(SupportUrl)& quot; -a& quot; sha256RSA& quot; -TimestampUri& quot; http://sha256timestamp.ws.symantec.com/sha256/timestamp& quot;" />
< ItemGroup>
< DepManifest Include =" $(PublishPath)$(AppName).application" />
< / ItemGroup>
< ReadLinesFromFile File ='@(DepManifest)'>
< Output TaskParameter =" Lines" ITEMNAME = QUOT;直线和QUOT; />
< / ReadLinesFromFile>
< RegexReplace Input ='@(Lines)'
Expression ='expiration maximumAge =" 0" unit =" days"'
Replacement ='beforeApplicationStartup'
Options ='Multiline'>
< Output ItemName ='ModifiedLines'TaskParameter ='Output'/>
< / RegexReplace>
< WriteLinesToFile File ='@(DepManifest)'Lines ='@(ModifiedLines)'Overwrite ='true'/>
< Exec Command ="& quot; $(ProjectDir).. \ Lib \ image.exe& quot; -Sign& quot; $(PublishPath)$(AppName).application& quot; -CertFile& quot; $(ProjectDir)cert.p12& quot; -Password& quot; ************& quot;" />
< SignFile
CertificateThumbprint =" *******************"
SigningTarget =" $(PublishPath)$(AppName).application" />
< GenerateBootstrapper
ApplicationFile =" $(AppName).application"
ApplicationName =" $(ProductName)"
ApplicationUrl =" $(UpdateUrl)"
BootstrapperItems =" @(BootstrapperFile)"
OutputPath =" $(PublishPath)"
Path =" $(BootstrapperSdkPath)"
SupportUrl =" $(SupportUrl)"
/>
< Exec Command ="& quot; $(WindowsKitPath)signtool.exe& quot; sign / f& quot; $(ProjectDir)cert.p12& quot; / tr& quot; http://sha256timestamp.ws.symantec.com/sha256/timestamp& quot; / p& quot; *************& quot; &安培; QUOT; $(PublishPath)SETUP.EXE&安培; QUOT;" />
< SignFile
CertificateThumbprint =" **************************"
SigningTarget =" $(PublishPath)setup.exe" />
我已经使用相同的证书对另一个应用程序进行了解密,并且SmartScreen没有阻止它。
你知道我犯了什么错吗?
嗨KawkaTomasz,
>> 之后,应用程序会尝试运行,但会显示SmartScreen对话框。应用名称和发布商名称有效。
SmartScreen中的消息是什么?
抱歉,我无法从上述说明中获得任何有效信息,因此请提供有关SmartScreen的更多详细信息以及更多详细信息。
问候,
斯坦利
Hello,
I'm deploying an ClickOnce application by custom build script (Publish.tragets), which is responsible for signing deployement targets and upload them to FTP server. Clients can download and install application via URL like: http://mysite/myapp.application. After that, application tries to run, but SmartScreen dialog is showing. The app name and Publisher name are valid.
I can see that both application and executable are correctly signed using EV Certificate (SHA2)
The signing process runs after the compiling the application. The code reponsible for this:
<Exec Command=""$(WindowsKitPath)signtool.exe" sign /f "$(ProjectDir)cert.p12" /tr "http://sha256timestamp.ws.symantec.com/sha256/timestamp" /p "************" "$(FilePath)\$(AppName).exe"" /> <SignFile CertificateThumbprint="*******************************" SigningTarget="$(FilePath)\$(AppName).exe" /> <Exec Command=""$(ProjectDir)..\Lib\mage.exe" -New Application -ToFile "$(PublishPath)Application Files\$(AppName)_$(Major)_$(Minor)_$(Build)_$(Revision)\$(AppName).exe.manifest" -Name "$(AppName)" -TrustLevel "FullTrust" -um "true" -v "$(FullVersion)" -a "sha256RSA" -IconFile "icon.ico" -FromDirectory "$(FilePath)" -Publisher "$(PublisherName)" -TimestampUri "http://sha256timestamp.ws.symantec.com/sha256/timestamp"" /> <Exec Command=""$(ProjectDir)..\Lib\mage.exe" -Sign "$(PublishPath)Application Files\$(AppName)_$(Major)_$(Minor)_$(Build)_$(Revision)\$(AppName).exe.manifest" -CertFile "$(ProjectDir)cert.p12" -Password "**********""/> <SignFile CertificateThumbprint="**********************" SigningTarget="$(PublishPath)Application Files\$(AppName)_$(Major)_$(Minor)_$(Build)_$(Revision)\$(AppName).exe.manifest" /> <GenerateDeploymentManifest AssemblyName="$(AppName).application" Product="$(AppName)" Install="$(Install)" UpdateEnabled="$(UpdateEnabled)" UpdateMode="$(UpdateMode)" UpdateInterval="$(UpdateInterval)" UpdateUnit="$(UpdateIntervalUnits)" DeploymentUrl="$(InstallUrl)" CreateDesktopShortcut="false" MapFileExtensions="$(MapFileExtensions)" Publisher="$(PublisherName)" SupportUrl="$(SupportUrl)" SuiteName="$(SuiteName)" OutputManifest="$(PublishPath)$(AppName).application" TargetFrameworkVersion="4.0" TargetFrameworkMoniker=".NETFramework,Version=v4.0" EntryPoint="$(EntryPoint)" /> <Exec Command=""$(ProjectDir)..\Lib\mage.exe" -Update "$(PublishPath)$(AppName).application" -Name "$(AppName)" -v "$(FullVersion)" -AppManifest "$(PublishPath)Application Files\$(AppName)_$(Major)_$(Minor)_$(Build)_$(Revision)\$(AppName).exe.manifest" -appc "Application Files\$(AppName)_$(Major)_$(Minor)_$(Build)_$(Revision)\$(AppName).exe.manifest" -IncludeProviderURL "true" -ProviderURL "$(InstallUrl)" -um "true" -Install "true" -Publisher "$(PublisherName)" -s "$(SupportUrl)" -a "sha256RSA" -TimestampUri "http://sha256timestamp.ws.symantec.com/sha256/timestamp"" /> <ItemGroup> <DepManifest Include="$(PublishPath)$(AppName).application"/> </ItemGroup> <ReadLinesFromFile File='@(DepManifest)'> <Output TaskParameter="Lines" ItemName="Lines"/> </ReadLinesFromFile> <RegexReplace Input='@(Lines)' Expression='expiration maximumAge="0" unit="days"' Replacement='beforeApplicationStartup ' Options='Multiline'> <Output ItemName='ModifiedLines' TaskParameter='Output'/> </RegexReplace> <WriteLinesToFile File='@(DepManifest)' Lines='@(ModifiedLines)' Overwrite='true'/> <Exec Command=""$(ProjectDir)..\Lib\mage.exe" -Sign "$(PublishPath)$(AppName).application" -CertFile "$(ProjectDir)cert.p12" -Password "************""/> <SignFile CertificateThumbprint="*******************" SigningTarget="$(PublishPath)$(AppName).application" /> <GenerateBootstrapper ApplicationFile="$(AppName).application" ApplicationName="$(ProductName)" ApplicationUrl="$(UpdateUrl)" BootstrapperItems="@(BootstrapperFile)" OutputPath="$(PublishPath)" Path="$(BootstrapperSdkPath)" SupportUrl="$(SupportUrl)" /> <Exec Command=""$(WindowsKitPath)signtool.exe" sign /f "$(ProjectDir)cert.p12" /tr "http://sha256timestamp.ws.symantec.com/sha256/timestamp" /p "*************" "$(PublishPath)setup.exe"" /> <SignFile CertificateThumbprint="**************************" SigningTarget="$(PublishPath)setup.exe" />
I've already depolyed another application with the same certificate and the SmartScreen is not blocking it.
Do you know where I made a mistake?Hi KawkaTomasz,
>>After that, application tries to run, but SmartScreen dialog is showing. The app name and Publisher name are valid.
What is the message in the SmartScreen?
Sorry I can not get any valid information just from the description above, so please provide more detail about the SmartScreen and more details.
Regards,
Stanly
这篇关于SmartScreen阻止应用启动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!