My program is a false positive
-
Hello!..
After compiling my program and uploading it to my website, the browser says this is dangerous and will cause problems on my computer, which obviously is false.... Is there a way to solve this?.. Maybe some sort of certificate to buy? Thanks.
-
@U7Development
Depends what you do with it on your website/how you try to access it from your browser. Which you say nothing about.
-
I have my file on my web hosting, via https://mydomain.com/myfile.exe
I want it to be downloadable by my clients.
-
@U7Development
You want them to be able to download it, not execute it (direct from there from the browser), right?
You might be able to buy a certificate to sign it, or your web site, which might or might not help. But --- and I'm not an expert --- it would not surprise me if a browser still did not like downloading a .exe file off the web.....
Suggestion: test with a .zip file instead? Then try putting your .exe in the .zip. Downloading a naked .exe off the web sounds hokey to me :)
-
@JonB right, I don't plan to execute any program via the web browser, just download an offline client, the same way you download the Qt installer (for example).
Thanks.. I will give it a try using zip format... sounds good.
-
I found a solution, maybe this works (at least for Windows):
https://docs.microsoft.com/es-es/windows/win32/seccrypto/signtool?redirectedfrom=MSDN
command:
signtool sign /a /fd SHA256 MyFile.exe
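
The signing command above extended with a timestamp and a verification pass before upload, as an added example that is not part of the original post. The timestamp URL is a placeholder, and the script assumes signtool.exe is on PATH with a code-signing certificate already installed in the certificate store.

```powershell
# Added example: sign a release build, then confirm the result before upload.
param(
    [string]$Path = '.\MyFile.exe',
    # Placeholder: substitute the RFC 3161 timestamp URL documented by your CA.
    [string]$TimestampUrl = 'http://timestamp.example.invalid'
)

# /a  select the best matching certificate from the store automatically
# /fd digest algorithm used for the file signature
# /tr and /td add an RFC 3161 timestamp, so the signature remains valid
#     after the signing certificate itself has expired
& signtool sign /a /fd SHA256 /tr $TimestampUrl /td SHA256 $Path
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

# /pa applies the default Authenticode verification policy; without it
# signtool verifies against the driver signing policy instead.
& signtool verify /pa /v $Path
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

# Second check through PowerShell, independent of signtool's exit code.
$sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if ($null -eq $sig.TimeStamperCertificate) {
    throw 'Signature carries no timestamp; it will stop validating when the certificate expires.'
}

# Publish the SHA-256 next to the download so clients can compare it.
[pscustomobject]@{
    File      = (Resolve-Path $Path).Path
    Signer    = $sig.SignerCertificate.Subject
    NotAfter  = $sig.SignerCertificate.NotAfter
    Timestamp = $sig.TimeStamperCertificate.Subject
    SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}
```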
-
@U7Development You should really compress your app anyway (as zip)...
-
@U7Development
signtool: Yes, that's what I meant when I said "You might be able to buy a certificate to sign it,". But don't you have to buy a certificate for this? We use this and buy a new certificate every couple of years.
-
There are several things that can cause problems here.
First, as already mentioned, the code signing. If you buy a certificate and sign your application, this will remove the red warning that pops up when you exec the program under Windows.
However, if you don't have a (more expensive) EV certificate there still might be a warning. It's just not red/orange any more but blue/grayish, so it looks less dangerous.
Then the next thing is what your browser does when you download the exe.
This really depends on the browser. There are many "security features" in browsers that pop up a warning message, e.g. "This application seems to only be downloaded very few times and is not well known, and therefore might be dangerous" or something like that.
As far as I know, in this case there is nothing you can do about it. They don't even offer to remove the warning for your application when you pay them or anything.
-
@gde23 said in My program is a false positive:
They don't even offer to remove the warning for your application when you pay them or anything.
I'm glad that browser vendors don't accept bribes ;)
-
@JKSH Sure, that would be even worse, if you had to pay a bribe to get your files flagged as safe (as it kind of is with the code signing).
However, I think it is also problematic when they flag arbitrary links as dangerous and irritate the user with some warning, when the assumption is only based on some unknown statistical voodoo.
-
@gde23 said in My program is a false positive:
However I think it is also problematic when they flag arbitrary links as dangerous and irritate the user with some warning, when the assumption is only based on some unknown statistical voodoo.
Yes, that is indeed frustrating.
The big app stores (Google Play, Apple App Store) are in a better position to handle this, since the mobile OSes support granular permissions management and the stores can scan all submitted apps before they are released to the public. But even then, plenty of malware still sneaks through: https://www.androidguys.com/promoted-news/google-play-store-the-main-source-of-malware/
Web browsers and their vendors can't scan all links unfortunately, so certificates and statistical methods are the best tools we currently have to limit anarchy on the web (unless we somehow manage to educate all users and make them "street-smart"). If someone comes up with a better method, they would easily become rich and/or famous.