
Question:
I have digitally signed my files with my Authenticode Signing Certificate (Code Signing), yet my IE9 users see a message containing: 'This file is not commonly downloaded and could harm your computer.' What can I do?
Answer:
Your software needs to build up a reputation within the Windows community. The more users who download and run your file, the better. We also STRONGLY advise you to ALWAYS serve your downloads over HTTPS instead of plain HTTP.
As per Microsoft:
Downloads are assigned a reputation rating based on many criteria, such as download traffic, download history, past antivirus results and URL reputation. Reputation is generated and assigned to digital certificates as well as specific files.
As an application developer, there are industry best practices that will affect your download's reputation. To help establish your application's reputation, consider doing the following:
* Digitally sign your programs with an Authenticode signature. Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs.
* Ensure downloads are not detected as malware. Downloaded programs that are detected and confirmed as malware will affect both the download’s reputation and the reputation of the digital certificate.
* Apply for a Windows Logo. To learn more about the Windows Logo visit the Windows 7 Logo Program page on MSDN. This is a free process for signed programs that can help establish reputation for your download.
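
Because reputation is aggregated per certificate, it helps to confirm before publishing that every file in a release carries a valid Authenticode signature from the same certificate. The following pre-release check is an added example, not part of Microsoft's guidance or of this FAQ's original text; the `.\release` folder and the file extensions are assumptions to adjust for your build.

```powershell
# Added example: verify Authenticode signatures on build outputs before upload.
# $ReleaseDir is an assumed (hypothetical) output folder.
param(
    [string]$ReleaseDir = '.\release'
)

# Collect the file types that are normally signed and downloaded.
$files = @(Get-ChildItem -Path $ReleaseDir -Recurse -File -Include *.exe, *.dll, *.msi)
if ($files.Count -eq 0) {
    Write-Error "No signable files found under $ReleaseDir"
    exit 1
}

# Record signature status and signing certificate for each file.
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File       = $f.FullName
        Status     = $sig.Status
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    }
}
$report | Format-Table -AutoSize

# Any status other than Valid (NotSigned, HashMismatch, NotTrusted, ...) blocks the release.
$problems = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($problems.Count -gt 0) {
    Write-Error ("{0} file(s) lack a valid signature" -f $problems.Count)
    exit 1
}

# Reputation accrues to the certificate, so all files should share one signer.
$thumbprints = @($report | Select-Object -ExpandProperty Thumbprint -Unique)
if ($thumbprints.Count -gt 1) {
    Write-Error ("Files are signed by {0} different certificates" -f $thumbprints.Count)
    exit 1
}

Write-Output ("All {0} file(s) validly signed by certificate {1}" -f $files.Count, $thumbprints[0])
```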