绕过 Chrome 的恶意文件警告 [英] Getting around Chrome's Malicious File Warning
问题描述
我创建了一个包含多个 *.exe 文件的应用程序.我已经将这些打包到我在我的网站上托管的 NSIS 安装程序中.当我尝试下载它时,Chrome 报告它可能是恶意的.起初我认为这可能是我托管的 URL/站点未被识别,所以我注册了 Amazon S3 存储并将文件移到那里.同样的问题.然后我认为打包可执行文件可能会导致这种情况,所以我尝试了没有.
同样的问题.
阅读更多内容后,我决定尝试对可执行文件和安装程序包 EXE 进行签名.
I created an application which comprises a number of *.exe files. I've packaged these up into an NSIS installer which I hosted on my website. When I try to download it Chrome reports it as potentially malicious. At first I thought it could be the URL/site I was hosting on not being recognized so I signed up for Amazon S3 storage and moved the file there. Same problem. I then thought that packing the executables might cause this, so I tried without.
Same issue.
After some more reading I decided to try signing the executables as well as the installer package EXE.
我创建了一个开发证书如下:
I created a dev cert as follows:
makecert
pvk2pfx
signtool"http://timestamp.verisign.com/scripts/timstamp.dll" *.exe
仍然是恶意的...即使在下载后我检查了 exe 并确认他们有一个数字签名选项卡,当然它不是一个完全经过验证的商业证书,但我无法相信解决 Chrome 半生不熟的代码分析的唯一方法是每年花 200 美元获得 verisign 等代码签名证书?
Still malicious... I check the exe's even after download and confirmed they have a digital signature tab, granted it's not a fully verified commercial certificate but I can't believe the only way around Chromes half-baked code analysis is to spend $200 a year to have a verisign etc. code signing cert issued?
有什么想法可以改变我正在做的事情来避免这种讨厌的消息吗?
Any ideas how I can change what I'm doing to avoid this nasty message?
推荐答案
我在使用可从我的网站下载的 exe 文件时遇到了这个问题.每当我尝试使用 Chrome 下载文件时,它都会发出警告.
I had exactly this problem with an exe file that is downloadable from my web site. Whenever I tried to download the file using Chrome it gave the warning.
我找到的解决方案是注册 Google 网站管理员工具并添加我的网站.Google 花了几天时间来抓取我的网站并填写任何信息,但我今天返回,终于在那里找到了大量信息.
The solution I found was to sign up to Google Webmaster Tools and add my site. It took several days for Google to crawl my site, and fill in any information, but I went back today and finally found loads of information there.
现在我可以下载我的文件了,没有恶意警告了.
Now I can download my file, and there is no malicious warning any more.
似乎一旦 Google 检查了您的网站并确定您不是坏人,问题就会迎刃而解.
It seems that once Google has checked out your site and determined that you are not a bad person, the problem goes away.
这篇关于绕过 Chrome 的恶意文件警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
