Digitally Signed Files

As a programmer who writes legit virus free programs and offers them to my customer to download and install, i find it frustrating that the Avast solution to .exe files is to scan the file for 15 seconds, find no virus, then tell the customer that this “file might be dangerous” then offer a useless “i trust this file” choice and then not allow the file to run. Even though my .exe file is digitally signed and noted as a Trusted Publisher by Windows, Avast shows it as “unknown” publisher. Why is this hapenning to 3 computers i tested this on and numerous customers using the latest Avast?

http://www.kaisergame.com/temp/screen.png

As you’re a developer, read here:

https://www.avast.com/faq.php?article=AVKB229
https://www.avast.com/faq.php?article=AVKB228

As a programmer you should know that a signer and a publisher are two different things.

Yep, as Eddy says, and self-signed is even worde.

polonus

As i mentioned “my .exe file is digitally signed and noted as a Trusted Publisher by Windows”

http://www.kaisergame.com/temp/screen2.png

“Avast shows it as “unknown” publisher”
What im trying to show here is that my file is signed but why is it shown as Unknown?
This is 100% of the reason I paid for the Certificate was to prevent a virus checker from blocking my application installation to my customer.

And to be even more specific. My Certificate is from Comodo. And what i mean by “Trusted Publisher”

http://www.kaisergame.com/temp/screen3.png

But here it is wrongly installed: You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure.
SSLv3
Your server’s encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
This server is vulnerable to:
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated.
Data is protected, but exchanging personal or financial information is not recommended.

Common name:
phahs.ca
SAN:
phahs.ca, www.phahs.ca
tested certificate on a Comodo RSA intermediate certificate.

As you see it has issues.

polonus

I have zero clue what you just said…

First off im not talking about a Domain SSL certificate here

And second what does phahs.ca have to do with this? Thats not my website.

Im talking about a Code Sigining Certificate issued by Comodo.
A Code Signing Certificate allows software developers to digitally sign their software before distribution over the Web. End users downloading your digitally signed 32-bit or 64-bit program can be confident that the code has actually come from you and has not been modified since it was signed.

This is not a self-signed cert issued by my domain.

https://www.virustotal.com/en/file/630b81e3ba53c174fd20068155740f122578fff957be8f56a4ac575296337921/analysis/1498361990/

Compile date : 2017-02-09
Signing date : 2017-06-24
Signing was done after the first post here. Hmm.

SSLABS :
https://www.ssllabs.com/ssltest/analyze.html?d=www.kaisergame.com
Certificate name mismatch.
Try these other domain names (extracted from the certificates):
phahs.ca
www.phahs.ca

Oh and when I click on “download” it means I expect to start downloading something and not being directed to another page where I have to click on another “download” button.

This is a Clickonce deployment, where Visual studio signs using my certificate. The sign date is new because I have been using Ksign to dual sign my Setup.exe over the past week to see if its a fixable problem. Not sure where your seeing a compile date of 02-09 as i have been recompiling and updating to try and see whats causing this for a week now.

The first page doesnt say “Download” it says “Get Kaiser Four”. Nothing wrong with redirecting to a single page that has more information and thats just my preference.

My website is hosted through Sibername and i never thought to test my certificate there. Glad you pointed that out as I have no idea why phahs.ca is listed there. Sibername has always had problems with crashing and them having to restore my domain. Im going to be talking to them about that. Thanks for pointing that out. :-\

Is it possible that this is why Avast is blocking? I thought it was reading the .exe file. Even after compiling and running from my computer Avast still blocks regardless of downloading from my website.

When i released the product in April i tested with Avast and it always approved it and i never had any complaints. Its just lately ive noticed because i use Avast myself and no matter what I do Avast blocks until it can approve it.

Hi Kevin480,

Report back to avast then and wait for their reaction, giving a link to this thread may help.
Re: https://www.avast.com/false-positive-file-form.php

Anyway you should also get rid of that website name mismatch, menteniod here: SSLABS :
https://www.ssllabs.com/ssltest/analyze.html?d=www.kaisergame.com
Certificate name mismatch.

polonus

Its not being reported as a False-Positive though. Its just not reading my Certificate. A day later I am getting the reports back from Avast that the file is safe then they do Open eventually. I had this problem before the Certificate and after i bought it and used it the problem went away.

I have submitted my 2 programs to your FTP server and i got a response of “Both files were moved to cleanset.”.

Im not sure why that ssllabs is reading my website that way because i just checked and I dont even have SSL enabled on my site and that IP address that it list is not mine, it belongs to Sibername. I have nothing on my site that uses SSL.

Im sure you have all downloaded and tried the Setup.exe by now, are you finding the same thing I am?

Hello Kevin480.

So far we were unable to reproduce your problem - prevalence of the files we found was too high thus it wouldn’t go to CyberCapture anymore. Could you please upload the specific file which goes to CyberCapture and is displayed with the “Unknown” publisher to our FTP server? Here is the step-by-step tutorial how to do so: https://www.avast.com/en-us/faq.php?article=AVKB160
Please don’t forget to post here a filename and password for the archive.

Thank you for your time and cooperation.