如何让 Windows 的 Smart Screen 信任我的安装程序? [英] How to get Windows' Smart Screen to trust my Installer?
问题描述
我正在尝试在 Windows 上部署和分发 C++ 应用程序.
I'm trying to deploy and distribute a C++ app on Windows.
我已经设法使用 Visual Studio(带有 Microsoft Visual Studio 安装程序项目扩展)创建了一个 MSI 安装程序.当我在我的电脑上运行它时,一切都很好.但是,如果我在其他人的计算机上运行它,Windows Defender 会显示 SmartScreen 警告:
I've managed to create an MSI installer with Visual Studio (with the Microsoft Visual Studio Installer Project extension). When I run it on my computer, everything is fine. But if I run it on someone's else computer, Windows Defender displays a SmartScreen warning:
我们仍处于测试阶段,所以我们没有很多钱或任何证书,但我们希望在没有此警告的情况下提供测试版,以允许用户测试产品并向我们提供反馈(我们希望设置一种构建-测量-学习方法).
We are still in beta, so we don't have a lot of money or any certificates, but we want to make the beta available without this warning to allow users to test the product and give us feedback (we want to setup a build-measure-learn method).
我已经看到我可以使用 EV 证书来消除这个警告(但它们太贵了,所以不是一个选项).
I've seen that I can use EV certificates to remove this warning (but they are too expensive, so it's not an option).
如何为每个从我的网站下载我的安装程序的用户删除此警告(如果可能,不收取任何费用)?
How can I remove this warning for every user who downloads my installer from my website (without any cost, if possible)?
推荐答案
你需要一个正式的代码签名或代码签名 EV 证书,它会花费一些钱,并使用该证书使用 signtool 或 build events 签署您的输出(dll、msi、exe).那么你的设置来自一个已知的出版商(你/你的品牌).
You need an officially code sign or and code sign EV certificate, it will cost some money, and sign with signtool or build events your output (dll, msi, exe) with that certificates. Then your setup, is from a known publisher (you / your brand).
您可以使用自签名证书,但随后您需要在每台机器上安装该证书……该用例对内部"使用很有用.在您的情况下,当您从您的网站提供下载时,您需要通知用户您使用了自签名证书,您可以提供您的证书的 CA 并要求用户安装它......或者您只是提及证书是自签名的并共享指纹/MD5 哈希值,以便您的客户可以自行验证内容.
You can use a self-signed cert, but then you need to install the cert on every machine ... that use case is useful for "internal" usage. In your case, when you offer a download from your Website, you need to inform the user, that you used a self-sign cert and you can offer the CA of your cert and ask the user to install it ... or you just mention that the cert is self-signed and share the Fingerprints / MD5 Hashes so your customers can verify the content on there own.
这篇关于如何让 Windows 的 Smart Screen 信任我的安装程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
