none
SmartScreen and application reputation

    Question

  • I want to ask if it's possible to get some more info about the reputation process for an application to bypass the SmartScreen in Windows 8. 

    My app is signed with a valid certificate and already has hundreds of downloads ( may be thousands) and still the Smartscreen appears each time.

    How many time or downloads does it take to get a solid reputation and how can I deliver a new version of the application without having to rebuild again reputation ?

    Thanks.

    • Moved by Richard MuellerMVP Wednesday, December 11, 2013 7:42 PM Not "TechNet Wiki Discussion" question
    Wednesday, December 11, 2013 2:24 PM

Answers

  • Hi,

    Somebody say that Smart screen filter requires roughly 3,000 downloads, but I'm not sure as I didn't find any official statement about this.

    There are several industry best practices an application developer can follow to help establish and maintain reputation for your applications:

    1. Digitally sign your programs with an Authenticode signature.

    2. Ensure downloads are not detected as malware.

    3. Apply for a Windows Logo.

    You can refer to the link below for more details about SmarScreen Application Reputation.

    SmartScreen® Application Reputation – Building Reputation:

    http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx

    Hope these helps.

     


    Roger Lu
    TechNet Community Support

    Monday, December 23, 2013 9:43 AM
    Moderator

All replies

  • This forum is for questions about the TechNet Wiki. I will move this question to a more appropriate forum.


    Richard Mueller - MVP Directory Services

    Wednesday, December 11, 2013 7:40 PM
  • Hi,

    In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk.

    You may need to check your code sign and certificate.

    Here is a paragraph below from MSDN blog:

    Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates:

    The deeper integration of SmartScreen Application Reputation also means that desktop app developers have an additional motivation to sign their code and establish reputation. We’ve talked in the past about the importance of digitally signing code for both establishing reputation and proving the authenticity of programs. I’m happy to say the development community has responded to this call to action. Since the release of SmartScreen Application Reputation in IE9 we’ve seen a 10% global increase in signed downloads, from 73% at IE9 RTM to >83% today.

    As we’ve discussed in the past, SmartScreen builds reputation for both individual programs and for the certificate used to sign that code. Code signing is important to our reputation intelligence because this higher level identity allows us to build reputation across multiple programs signed by a publisher. It is also important for publishers because signed programs inherit the reputation of the certificate with which they are signed; this means every program a publisher distributes doesn’t need to build reputation individually.


    Roger Lu
    TechNet Community Support

    Monday, December 23, 2013 8:09 AM
    Moderator
  • Thanks for your answer.

    I have already checked the signature and the certificate, both are valid and I sign also both the installer and the application. 

    But still, after already 3 months, it has not got the needed reputation to bypass the screen. 

    How many downloads does it take usually?

    Monday, December 23, 2013 8:41 AM
  • Hi,

    Somebody say that Smart screen filter requires roughly 3,000 downloads, but I'm not sure as I didn't find any official statement about this.

    There are several industry best practices an application developer can follow to help establish and maintain reputation for your applications:

    1. Digitally sign your programs with an Authenticode signature.

    2. Ensure downloads are not detected as malware.

    3. Apply for a Windows Logo.

    You can refer to the link below for more details about SmarScreen Application Reputation.

    SmartScreen® Application Reputation – Building Reputation:

    http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx

    Hope these helps.

     


    Roger Lu
    TechNet Community Support

    Monday, December 23, 2013 9:43 AM
    Moderator
  • Thanks, Roger. 

    It seems the only options are spending more ( EV certificate, logo, store, etc) or simply wait. 


    Monday, December 23, 2013 10:21 AM