Install triggers smart screen!
MrHinsh opened this issue · 27 comments
I have added your app to Winget:
I'll submit a PR with an auto updater!
When trying to install this application it triggers the "SmartScreen" interface.
Also on manual download:
Could it be that the Publisher field is empty?
SmartScreen will disappear when many people download our plugin successfully. We recently changed the distribution URL and Microsoft has not yet trusted our new page. I suppose we can do nothing about SmartScreen.
We will just have to wait!
I belive its likley being triggered becasue the "Comapny Name" is missing from the meta data.
You can also submit your application to https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/#submit-files-to-microsoft-defender-smartscreen-for-review
Oh thanks! Can you make a PR to add company name to the metadata?
Sorry, I have no idea how to do that with CMake, which I have never used.
I think this needs to be fixed in the OBS plugin template files.
I can try to dig around. But so far my research came up short, it looks like the installer is in fact filling up the author information.
@MrHinsh How do you find those details?
If I know how I can make experiments and see if it affects the output
It had author, but no company.
I just googled "view meta data in executable files on windows" and used a tool. I'm not at my computer to check, but it was installable with Winget.
I compared it to my file that downloads fine without triggering SmartScreen.
Did you submit your app to the smart screen check site?
:) Back at my computer!
I used "exiftool".
❯ exiftool "C:\Users\MartinHinshelwood(He\Downloads\obs-backgroundremoval-1.1.8-windows-x64-Installer.exe"
ExifTool Version Number : 12.70
File Name : obs-backgroundremoval-1.1.8-windows-x64-Installer.exe
Directory : C:/Users/MartinHinshelwood(He/Downloads
File Size : 37 MB
File Modification Date/Time : 2023:12:20 08:58:19+00:00
File Access Date/Time : 2023:12:27 10:24:08+00:00
File Creation Date/Time : 2023:12:20 08:58:08+00:00
File Permissions : -rw-rw-rw-
File Type : Win32 EXE
File Type Extension : exe
MIME Type : application/octet-stream
Machine Type : Intel 386 or later, and compatibles
Time Stamp : 2023:02:15 14:54:16+00:00
Image File Characteristics : No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PE Type : PE32
Linker Version : 2.25
Code Size : 741888
Initialized Data Size : 89600
Uninitialized Data Size : 0
Entry Point : 0xb5eec
OS Version : 6.1
Image Version : 6.0
Subsystem Version : 6.1
Subsystem : Windows GUI
File Version Number : 0.0.0.0
Product Version Number : 0.0.0.0
File Flags Mask : 0x003f
File Flags : (none)
File OS : Win32
Object File Type : Executable application
File Subtype : 0
Language Code : Neutral
Character Set : Unicode
Comments : This installation was built with Inno Setup.
Company Name : Roy Shilkrot
File Description : obs-backgroundremoval Setup
File Version :
Legal Copyright :
Original File Name :
Product Name : obs-backgroundremoval
Product Version : 1.1.8
I see that the company name is set to "Roy Shilkrot" and I have submitted your tool.
SmartScreen being triggered is not normal, and I have anumber of executable tools that do not trigger it and never did. I wonder what the issue is...
@royshil did you change any of the metadata recently? that could have triggered this!
@MrHinsh Our older installers are available on the releases page. Could you kindly investigate the difference between the current one and the older one that does not cause the SmartScreen? We will appreciate your contribution so much! Thanks in advance!
I just checked all the way back to Betas and they all trigger SmartScreen. That implies that you have built no trust with the installer as it is not recognising that they are all from the same pubisher.
Here is an example from ExifTool itself...
Z:\Downloads>"exiftool(-k).exe" "exiftool(-k).exe"
ExifTool Version Number : 10.13
File Name : exiftool(-k).exe
Directory : .
File Size : 6.4 MB
File Modification Date/Time : 2016:03:12 20:31:08+01:00
File Access Date/Time : 2016:04:02 16:37:16+02:00
File Creation Date/Time : 2016:04:02 16:37:16+02:00
File Permissions : rw-rw-rw-
File Type : Win32 EXE
File Type Extension : exe
MIME Type : application/octet-stream
Machine Type : Intel 386 or later, and compatibles
Time Stamp : 2006:06:02 12:45:17+02:00
PE Type : PE32
Linker Version : 6.0
Code Size : 12288
Initialized Data Size : 917504
Uninitialized Data Size : 0
Entry Point : 0x354c
OS Version : 4.0
Image Version : 0.0
Subsystem Version : 4.0
Subsystem : Windows command line
File Version Number : 10.1.3.0
Product Version Number : 10.1.3.0
File Flags Mask : 0x003f
File Flags : Debug
File OS : Windows NT 32-bit
Object File Type : Executable application
File Subtype : 0
Language Code : Process default
Character Set : Unicode
Comments : ExifTool EXE for Windows
Company Name : Phil Harvey
File Description : Read and Write meta information
File Version : 10.1.3.0
Internal Name : ExifTool
Legal Copyright : Copyright (c) 2003-2016, Phil Harvey
Legal Trademarks :
Original File Name : exiftool(-k).exe
Private Build :
Product Name : ExifTool
Product Version : 10.1.3.0
Special Build :
Build Date : 2016:03:12 14:27:51
Bundled Perl Version : ActivePerl 5.8.7
Home Page : http://owl.phy.queensu.ca/~phil/exiftool/
If I clear out the irrelevant stuff:
Z:\Downloads>"exiftool(-k).exe" "exiftool(-k).exe"
File Name : exiftool(-k).exe
File Version Number : 10.1.3.0
Product Version Number : 10.1.3.0
Comments : ExifTool EXE for Windows
Company Name : Phil Harvey
File Description : Read and Write meta information
File Version : 10.1.3.0
Internal Name : ExifTool
Legal Copyright : Copyright (c) 2003-2016, Phil Harvey
Legal Trademarks :
Original File Name : exiftool(-k).exe
Product Name : ExifTool
Product Version : 10.1.3.0
Home Page : http://owl.phy.queensu.ca/~phil/exiftool/
and compare like for like:
❯ exiftool "C:\Users\MartinHinshelwood(He\Downloads\obs-backgroundremoval-1.1.8-windows-x64-Installer.exe"
File Name : obs-backgroundremoval-1.1.8-windows-x64-Installer.exe
File Version Number : 0.0.0.0
Product Version Number : 0.0.0.0
Comments : This installation was built with Inno Setup.
Company Name : Roy Shilkrot
File Description : obs-backgroundremoval Setup
File Version :
Legal Copyright :
Original File Name :
Product Name : obs-backgroundremoval
Product Version : 1.1.8
Home Page :
If SmartScreen is using this to identify your product and publisher then there is not a lot of information to go on. I would think adding more information would enable SmartScreen to better identify and validate it.
I don't think there is an instant solution to erase SmartScreen and what we can do is just wait for it to go until Microsoft recognizes our product is safe because so many people download it.
@umireon this tool has been around for years, and typically files with low downloads takes 2-8 weeks to recognise.
If this is not happening then there must be something that is preventing it.
As I stated before, the URL of this plugin had changed and this change triggers SmartScreen, I guess.
The URL does not trigger, its the file itself. And if the file lacks the expected meta-data it will never be approved as SmartScreen will fail to identify it as the same executable from the same source.
Have you submited your application to https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/#submit-files-to-microsoft-defender-smartscreen-for-review?
@MrHinsh Could you tell us the detail of what metadata our installer should have or be fixed?
See #499 (comment) for the comparison to another app that I have previously supplied above.
The version number are not filled out. To me that would imply a local build rather than a shared product. 🤷♂️
I feel I have done all I can to help here. You can do something with it or not. As you see from other tickets this will disable the ability for most work computers as most large companies prevent smart screen bypass.
I suggest that you:
- update the various meta data tags to enable the publisher to be more identifiable as per the examples I have given above.
- submit your installer to the smartscreen validation check page I added above.
@MrHinsh Could you check if the following new installer has the metadata that you expect?
https://github.com/occ-ai/obs-backgroundremoval/actions/runs/7347828061#:~:text=obs%2Dbackgroundremoval%2D1.1.8%2Dwindows%2Dx64%2D162c279e2
@royshil Can you submit our installer to Microsoft to suppress Smart Screen?
https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/#submit-files-to-microsoft-defender-smartscreen-for-review
i believe @MrHinsh already submitted our tool
on my Windows 11 PC the installer doesn't trigger SmartScreen, it only has the standard warning about unknown publisher...
maybe MSFT has already "approved"?
I did submit.
If SmartScreen is passing then I'll resubmit to Winget and see if it passes there.
Seems to be completed.