How Do I Get My Software Recognized by Microsoft SmartScreen?

Microsoft's SmartScreen filter can give software developers big headaches

Microsoft SmartScreen is a filter that helps users identify phishing and malware sites, while also providing critical information about downloads. It's that second part that gives developers nightmares.

That's because Microsoft has the ability to cancel a conversion with a simple warning message. It's excruciating. You've succeeded all the way to the point your customer is downloading your software when a warning message pops up and ruins everything. How infuriating.


What's more, how do you convince Microsoft that you're legitimate? How do you make this message go away? The life of your business hangs in the balance.

Here's how Microsoft describes its download filtering practices:

"SmartScreen checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen will warn you that the download has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you're downloading isn't on that list, SmartScreen will warn you."

It all comes down to Application Reputation. Microsoft uses this method to separate verified "good" software from malicious code and scripts. Unfortunately, it's an inexact science, and for smaller developers, getting trusted can be exceedingly difficult.

But there is a way to get instant validation.

How do I get my software trusted by Microsoft SmartScreen?

To be immediately trusted by Microsoft SmartScreen, you need to invest in an Extended Validation (EV) Code Signing certificate. Microsoft has decided that the level of vetting required by a traditional code signing certificate is insufficient; as a result, a more extensive level of verification is required to be trusted by SmartScreen.

Extended Validation (EV) Code Signing certificates require an organization to undergo intensive vetting. An organization is required to furnish registration information and prove that it is a legitimate legal entity operating in good faith in its locality. This process can take up to five business days.

It's not really a hassle for businesses with up-to-date records, and in some cases, it can even be expedited.

Without an EV Code Signing certificate, your software goes through a difficult process before it is either blacklisted or whitelisted. Microsoft evaluates whether the software has been previously encountered, using telemetry data collected from users. That means that until your software has been downloaded enough times, it will be flagged as not having sufficient reputation, and Microsoft will issue a browser warning about the software.

That's the Catch-22. How do you gain reputation when Microsoft is actively killing your conversions?

There's only one answer: Extended Validation Code Signing
