Home>

We are developing a Windows desktop app made by Unity.
If i upload this app to Google Drive, download and run it, you will get a security warning.
I want to clear this display, but I don't know how.
While I was investigating, I saw that I needed to use a digital signature, but it seemed to cost a fair amount of money (?), and it seemed to be useless.

Applicable source code

(You don't need to check it, but I will post what I am developing.)
http://virtual-background-movie-maker.tilda.ws/

What I tried

I'm trying to try whether the security warning is displayed or not displayed on the Windows desktop application of Unity created in the Windows Store and downloaded from there. However, it seems more difficult than I expected, and it seems that it will take time.

If there is another easier way, please let me know.

Supplemental information (FW/tool ​​version, etc.)

Unity 2019.4.2

  • Answer # 1

    There are three ways to suppress the Microsoft SmartScreen warning.

    Sign software with EV code signing certificate
    Software signed with an EV code signing certificate will not warn you if the software or distributor has not been rated for it.

    Establish rating by download
    The software gets a rating according to the number of downloads. Once the evaluation is established, the warning will not be displayed.

    Distribute through Windows Store
    By registering as a developer and distributing the software from the Windows Store, the warning message will not be displayed.

    https://jp.globalsign.com/service/codesign/knowledge/smartscreen.html

    As far as I can see from this explanation, there seems to be no other way to solve it.

  • Answer # 2

    Hello.

    If you upload this app to Google Drive, download and run it, you will get a security warning.
    I want to clear this display, but I don't know how.

    This is a mechanism to protect people who are downloading and installing apps from people who upload malicious apps.
    In principle, downloaded apps seem to warn, as Windows cannot tell if they are malicious or not. However, I do not warn you that it can be assumed to be "safe" if it is digitally signed. (*1)

    Therefore, in order to avoid the warning, it is realistic to digitally sign the app to purchase and distribute the digital certificate, or to have the person who downloads and installs it do a little operation.
    Right-click the downloaded application, open the property, check the "Allow" in the attached image, and if you get it, the warning will not be displayed.
    Image description

    By the way, some digital certificates for code signing are in a price range that even individuals can afford. It may be possible to try a little and work hard.

    (*1) Digitally signing has the same meaning as pressing the official seal with the seal stamp certificate in some cases (it may be lighter than the official seal), so if the electronically signed application is criminal If it is, it is easy to find the developer and there is a high possibility that you can be punished as a criminal. So conversely, you can assume that digitally signed apps are not criminal.


    【By the way】
    My number card (≠ my number) also has a function to digitally sign, so if a major OS pre-installs the root certificate, non-criminal apps developed by Japanese people will be warned for free. You can avoid it. Criminal apps that have been digitally signed to avoid warnings can punish developers fairly reliably. Therefore, I feel that a more peaceful electronic space can be created. (It seems that there are various hurdles to achieve this.)