尽管遵循所有建议,但IE9 SmartScreen警告 [英] IE9 SmartScreen Warning, Despite Following All Recommendations
问题描述
我们提供了一个Windows程序,可以从我们的网站下载为InstallShield EXE.
当运行IE9的人尝试下载并运行我们的软件时,他们会在屏幕底部看到以下消息:
PROGRAMNAME.exe is not commonly downloaded and could harm your computer.
[DELETE] [ACTIONS] [VIEW DOWNLOADS]
建议:
- 使用 Authenticode签名.
- 确保未将下载检测为 恶意软件.
- 申请Windows徽标.
我们已经完成了所有三件事.我们的EXE用Authenticode签名进行了数字签名(警告消息上方的栏为橙色,而不是红色,指示IE9识别并验证了签名).我们尝试过的任何防病毒程序均未将我们的下载检测为恶意软件.我们已经申请并收到了Windows徽标.
到目前为止,我们的大多数客户还没有使用IE9.但这对那些使用IE 9的人来说非常麻烦.我们还可以对此采取其他措施吗?还是只需要等到一定数量的客户下载了该软件,然后此消息才能消失?
(这意味着当我们发布一个新版本时,所有IE 9用户都将再次收到此消息,直到他们下载了足够的消息为止?)
更新2011-06-14:
谢谢,@ EricLaw-MSFT.网址为 http://dakim.dakiminc.netdna-cdn.com/DakimBrainFitness.exe. (可在 http://www.dakim.com 上的下载免费试用版"按钮上找到.)
我们只是在短时间内提供了可下载的试用版.我们的主要分发方法是安装DVD.
扩展的验证码签名证书不会因我问了一下,最后回答了自己.
We offer a Windows program downloadable as an InstallShield EXE from our website.
When someone running IE9 attempts to download and run our software, they see the following message at the bottom of their screen:
PROGRAMNAME.exe is not commonly downloaded and could harm your computer.
[DELETE] [ACTIONS] [VIEW DOWNLOADS]
It suggests:
- Digitally sign your programs with an Authenticode signature.
- Ensure downloads are not detected as malware.
- Apply for a Windows Logo.
We've done all three things. Our EXE is digitally signed with an authenticode signature (and the bar above the warning message is orange, not red, indicating that IE9 recognized and verified the signature). Our download is not detected as malware by any antivirus program we've tried. And we have applied for and received a Windows Logo.
As yet, most of our customers are not using IE 9. But this is very troublesome to those who do. Is there anything else we can do about this, or do we just have to wait until a critical mass of customers have downloaded this software before this message will go away?
(Does that mean when we release a new version, all IE 9 users will get this message again until enough of them have downloaded it?)
UPDATE 2011-06-14:
Thanks, @EricLaw-MSFT. URL is http://dakim.dakiminc.netdna-cdn.com/DakimBrainFitness.exe . (It's found on the "Download Free Trial" button on http://www.dakim.com .)
We've only been offering downloadable trials for a short while. Our primary distribution method is installation DVDs.
Extended Validation Code Signing Certificates don't suffer from the need to build reputation slowly according to this post:
Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Although not required, programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals. Only Authenticode Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish reputation.
At this time, Symantec and DigiCert are offering EV code signing certificates.
In an effort to improve my answer, I've added a link to a similar question I asked and eventually answered myself.
这篇关于尽管遵循所有建议,但IE9 SmartScreen警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
