How To Stop Windows Defender From Blocking Utorrent

[Raina Giorno]

Microsoftallows software developers to submit a file for malware analysis. According to Microsoft, this will help developers to "validate detection of their products". If the review was successful, the Microsoft SmartScreen warnings will go away faster, or sometimes even instantly (it worked instantly for one of my own apps). You need to have a Microsoft account to submit your app for review.

However, note that if you release an updated version of your app, then you'll also have to request a new review again. To overcome this problem, you'll either have to use an "Extended Validation" or an "Organization Validation" code signing certificate (see below).

A guaranteed way to immediately and permanently get rid of the Microsoft SmartScreen warnings is to buy an "Extended Validation" (EV) code signing certificate from one of the Microsoft-approved certificate authorities (CA's), and to sign your app with that EV certificate.

Such an EV certificate will cost you somewhere between 250 and 700 USD per year (you better compare prices), and will only be issued to registered businesses. If you're a single developer, you must be a sole proprietor and have an active business license. You can read more about the formal requirements for EV code signing certificates in the EV Code Signing Certificate Guidelines.

You can also buy a cheaper "Organization Validation" (OV) code signing certificate (also known as "standard" or "non-EV" certificates), and sign your app with that certificate. This will also permanently, but not instantly, make the Microsoft SmartScreen warnings disappear. An OV certificate will cost you between 100 and 500 USD per year (again, you better compare prices), and can also be issued to private developers without an active business license. Some CA's also offer discounts for open source projects.

Since June 2023, newly issued (or renewed) OV certificates must also be stored on either a secure physical hardware token or on an HSM (Hardware Security Module). Your CA will handle this for you. It's not possible anymore to store an OV certificate on your own computer.

The problem with OV code signing certificates is that they do not instantly silence Microsoft SmartScreen. Instead, some time will be needed for your certificate to build reputation before the warning will go away. However, once your certificate has built enough reputation, all applications signed with that certificate will be permanently trusted by Microsoft SmartScreen and won't trigger the warning anymore.

So, how long will it take until the Microsoft SmartScreen warning will disappear when using an OV code signing certificate? Unfortunately, this is difficult to answer, since Microsoft itself refuses to publish any details about this. According to inofficial numbers reported by various sources (see below), it usually takes between 2 and 8 weeks until the warning will permanently go away. It seems that the exact duration also depends on the reputation of the website from which your app is downloaded.

It's a good idea to buy your OV code signing certificate with the longest possible validity period because when you renew your certificate, the reputation will unfortunately not automatically carry over to the new certificate (not even if it's signed against the same private key as the old certificate).

However, you can mitigate the rollover problem by getting your new code signing certificate before your old certificate expires, and then using both the old (but not yet expired!) and the new certificate to sign your code, resulting in two signatures. The signature from your old certificate will continue to bypass SmartScreen and, at the same time, the new signature will help the new certificate to build up trust. So, the idea is that your new certificate becomes trusted before your old certificate expires.

If your old certificate should have already expired, then you can still add the signature from your new certificate to an already released version of your app, and then re-release that app version as a dual-signed app. As before, this will also help the new certificate to build up trust.

To correctly dual-sign your app, first sign your code with the old certificate, and then sign it again with the new certificate, using the /as command line option of Microsoft's SignTool to append an additional signature to the first one (instead of replacing it).

If you don't take any measures at all, the Microsoft SmartScreen warning will also go away eventually. This might however take a ridiculous amount of time (months) and / or downloads (tens of thousands). Another big problem is that each time you'll release an updated version of your app, the waiting period will start all over again. So, this probably isn't the solution you're looking for.

If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows us to skip this period of trust-building. According to Microsoft, extended validation certificates will enable the developer to immediately establish a reputation with SmartScreen. Otherwise, the users will see a warning like "Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.", with the two buttons: "Run anyway" and "Don't run".

Another Microsoft resource states the following (quote): "Although not required, programs signed by an EV code signing certificate can immediately establish a reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals."

My experience is as follows. Since 2005, we have been using regular (non-EV) code signing certificates to sign .MSI, .EXE and .DLL files with timestamps, and there has never been a problem with SmartScreen until 2018, when there was just one case when it took 3 days for a beta version of our application to build trust since we have released it to beta testers. It was in the middle of the certificate validity period. I don't know what SmartScreen might not like in that specific version of our application, but there have been no SmartScreen complaints since then. Therefore, if your certificate is a non-EV, it is a signed application (such as an .MSI file) that will build trust over time, not a certificate. For example, a certificate can be issued a few months ago and used to sign many files, but for each signed file you publish, it may take a few days for SmartScreen to stop complaining about the file after publishing, as was in our case in 2018.

In conclusion, to avoid the warning altogether, i.e., prevent it from happening even suddenly, you need an Extended Validation (EV) code signing certificate, and/or, you can submit your software to Microsoft malware analysis.

I am not too well informed about this issue, but please see if this answer to another question tells you anything useful (and let us know so I can evolve a better answer here): How to pass the Windows Defender SmartScreen Protection? That question relates to BitRock - a non-MSI installer technology, but the overall issue seems to be the same.

Extract from one of the links pointed to in my answer above: "...a certificate just isn't enough anymore to gain trust... SmartScreen is reputation based, not unlike the way StackOverflow works... SmartScreen trusts installers that don't cause problems. Windows machines send telemetry back to Redmond about installed programs and how much trouble they cause. If you get enough thumbs-up then SmartScreen stops blocking your installer automatically. This takes time and lots of installs to get sufficient thumbs. There is no way to find out how far along you got."

The actual dialog text you have marked above definitely relates to the Zone.Identifier alternate data stream with a value of 3 that is added to any file that is downloaded from the Internet (see linked answer above for more details).

I was not able to mark this question as a duplicate of the previous one, since it doesn't have an accepted answer. Let's leave both question open for now? (one question is for MSI, one is for non-MSI).

Until recently I used bitdefender with premium malwarebytes, but I allowed my bit defender subscription to end and thought I'd try using windows defender instead. But I renewed my malwarebytes subscription, so I have MWB and windows defender now. But I noticed window defender keeps get turned off in the windows security. I can turn it on again but it just seems to randomly turn itself off again without warning me. I read somewhere that it might possibly be malwarebytes turning it off, the info I read online said to turn off "always register malwarebytes in the windows security center" which is located in settings> security>windows security center. But if I do that, I get a worrying message in windows that virus protection has been turned off. I'm not sure if it diminishes MWB ability to protect my PC or not. I just want both MWB and windows defender to play nice together in the security center.

You should be able to disable the option in Malwarebytes that you mentioned for registering Malwarebytes in Security Center, restart your system, and then Windows Defender should enable itself automatically so that you don't see any messages about your virus protection being disabled as mentioned by the others above. If that does not work then there might be something else going on which is preventing Defender from enabling itself. If this is the case, please do the following so that we may take a closer look at what is going on with your system:

3a8082e126