Community
Windows and Internet Explorer tells users that a custom host exe is dangereous to run
jackk,
User (Posts: 23)
Oct 08, 2015 11:24:12 pm EDT
Support level: Free or trial
When you create a custom host exe, and then have a user download it from a website, Internet Explorer warns the user that it is a dangerous application because it has an unknown publisher.
Then, if they do somehow get the exe on their computer and then try to run it, Windows (not Internet Explorer) gives the same warning, but even bigger across the entire screen.
Of course, it is not a dangerous program, but that warning in Internet Explorer and then in Windows makes the custom exe not very usable because people don't want to run something that Windows tells them is dangerous.
Is there a way to make the custom exe files signed with a known publisher to eliminate these warnings?
Then, if they do somehow get the exe on their computer and then try to run it, Windows (not Internet Explorer) gives the same warning, but even bigger across the entire screen.
Of course, it is not a dangerous program, but that warning in Internet Explorer and then in Windows makes the custom exe not very usable because people don't want to run something that Windows tells them is dangerous.
Is there a way to make the custom exe files signed with a known publisher to eliminate these warnings?
Edited:jackk - Oct 08, 2015 11:25:30 pm EDT
Conrad Sallian,
Support (Posts: 3013)
Oct 09, 2015 7:12:09 am EDT
Hello Jack,
Could you please tell me the Windows version and the IE version so that we check it out. We normally keep track of all a/v false positives and quickly contact the vendors asking them to remove false detections.
Note, however, that programs especially browsers can warn about an unsigned file and this is normal. But the signature is not always the only factor - a few months ago Chrome was blocking Remote Utilities downloads on our website, despite the fact that all the files were signed with a brand new digital signature from a respectful provider (DigiCert). So the lack of a digital signature does not necessarily mean that the file is prone to be blocked by browsers or OS.
In the future we are planning to provide the signing to our customers, or make an online MSI configurator that automatically signs the output file.
Don't hesitate to ask me if you have other questions.
Could you please tell me the Windows version and the IE version so that we check it out. We normally keep track of all a/v false positives and quickly contact the vendors asking them to remove false detections.
Note, however, that programs especially browsers can warn about an unsigned file and this is normal. But the signature is not always the only factor - a few months ago Chrome was blocking Remote Utilities downloads on our website, despite the fact that all the files were signed with a brand new digital signature from a respectful provider (DigiCert). So the lack of a digital signature does not necessarily mean that the file is prone to be blocked by browsers or OS.
In the future we are planning to provide the signing to our customers, or make an online MSI configurator that automatically signs the output file.
Don't hesitate to ask me if you have other questions.
jackk,
User (Posts: 23)
Oct 09, 2015 9:41:00 am EDT
Support level: Free or trial
I have no antivirus running.
Internet Explorer is Version 11.
Windows is Windows 10 (but I am pretty sure Windows 8 is the same issue).
Windows 8 and Windows 10 have "SmartScreen" filter that throws huge warnings when running programs that it doesn't know if safe or not. To actually run them, you have to choose "More Options" and then choose an option to allow to run the program anyway.
For me personally, I don't care. Remote users, however, are not as willing to do this because if Windows says it is dangerous, then they question it.
This crosses over to the other post I made about switching from agent to host. They can run the agent (unmodified) without any warnings, and then I can upgrade through viewer to a modified host (without any warnings). However, that is when the ID gets changed.
So, if I have the remote user install the unmodified host, I have to walk them through the install options and then how to create an ID after that. If I do the agent-to-host, I still have to have them tell me the initial ID/pass (which is good because the agent puts it right in the center of the screen), but then I have to have them go into the host after upgrade and tell me the new ID.
I'm trying to simplify it so they tell me the initial ID/Pass from the agent that pops up in the center of the screen, and then, if needed, I can switch to host without having them have to go into host and get the new ID, and without them having to install modified host themselves and have the big windows warnings.
One workaround that I have played with is installing the self-hosted server at my location, and putting that address into the modified host that I use to upgrade through viewer. That works because then I can see the new ID inside the server as soon as the viewer does the remote upgrade. However, that seems like quite a lengthy workaround just to get the ID.
Internet Explorer is Version 11.
Windows is Windows 10 (but I am pretty sure Windows 8 is the same issue).
Windows 8 and Windows 10 have "SmartScreen" filter that throws huge warnings when running programs that it doesn't know if safe or not. To actually run them, you have to choose "More Options" and then choose an option to allow to run the program anyway.
For me personally, I don't care. Remote users, however, are not as willing to do this because if Windows says it is dangerous, then they question it.
This crosses over to the other post I made about switching from agent to host. They can run the agent (unmodified) without any warnings, and then I can upgrade through viewer to a modified host (without any warnings). However, that is when the ID gets changed.
So, if I have the remote user install the unmodified host, I have to walk them through the install options and then how to create an ID after that. If I do the agent-to-host, I still have to have them tell me the initial ID/pass (which is good because the agent puts it right in the center of the screen), but then I have to have them go into the host after upgrade and tell me the new ID.
I'm trying to simplify it so they tell me the initial ID/Pass from the agent that pops up in the center of the screen, and then, if needed, I can switch to host without having them have to go into host and get the new ID, and without them having to install modified host themselves and have the big windows warnings.
One workaround that I have played with is installing the self-hosted server at my location, and putting that address into the modified host that I use to upgrade through viewer. That works because then I can see the new ID inside the server as soon as the viewer does the remote upgrade. However, that seems like quite a lengthy workaround just to get the ID.
Conrad Sallian,
Support (Posts: 3013)
Oct 11, 2015 7:32:38 am EDT
Hi Jack,
I see what you mean. But signing the modified installers with a signature will only be possible after we provide an online configurator. Until then, we cannot provide such a feature because it can be easily tampered with and our signature may be compromised.
But as I said, we will be making Agent/Host more flexible in the future, namely provide the option to convert Agent into Host.
I see what you mean. But signing the modified installers with a signature will only be possible after we provide an online configurator. Until then, we cannot provide such a feature because it can be easily tampered with and our signature may be compromised.
If you are telling users to install something on their PC, then they trust you. You can simply tell them that this is a standard Windows warning and that they don't have to worry. Then ask them to accept file download/installation, whatever is the case.For me personally, I don't care. Remote users, however, are not as willing to do this because if Windows says it is dangerous, then they question it.
But as I said, we will be making Agent/Host more flexible in the future, namely provide the option to convert Agent into Host.
Greg Carson,
User (Posts: 1)
Jul 06, 2016 10:52:49 am EDT
Support level: Free or trial
The real issue is some users do NOT even know to hit "more info" to start the install.
I am pulling my hair out before "Remoting" in.
I am pulling my hair out before "Remoting" in.
Conrad,
Support (Posts: 3013)
Jul 06, 2016 12:41:15 pm EDT
Hello Greg,
In one of the nearest updates we will implement an ability to apply our digital signature even when configuring custom Agents/Hosts. Hope that will help with this issue.
In one of the nearest updates we will implement an ability to apply our digital signature even when configuring custom Agents/Hosts. Hope that will help with this issue.
* Website time zone: America/New_York (UTC -4)