OpenLens icon indicating copy to clipboard operation
OpenLens copied to clipboard

Published 20 hours ago verified publisher icon MuhammedKalkan

Windows Defender blocks unsigned packages.

Open nadeda01 opened this issue 3 years ago • 5 comments

As the package is unsigned, Windows Defender blocks package from installation.

nadeda01 avatar Jun 01 '22 15:06 nadeda01

As a work around you can unblock the exe, assuming you have admin rights. But I agree this should be fixed.

glloyd2010f avatar Jun 06 '22 15:06 glloyd2010f

Sometimes it doesn't even show the dialog box for unblocking. A workaround seems to be launching the exe from the old CMD.

BlackCetha avatar Jul 12 '22 19:07 BlackCetha

Sometimes it doesn't even show the dialog box for unblocking. A workaround seems to be launching the exe from the old CMD.

Works - thx!

Windows is such a painful thing ...

toralf avatar Aug 04 '22 08:08 toralf

We have 5 patterns now. Getting closer for a signed windows binary?

sanarena avatar Sep 05 '22 04:09 sanarena

You can see amount collected at the patreon page. Currently 34.75$. So not yet

MuhammedKalkan avatar Sep 05 '22 06:09 MuhammedKalkan

Does someone test if a self-signed code signature would resolve the issue?

jkroepke avatar Sep 21 '22 18:09 jkroepke

Just using work arounds - we can close this issue.

nadeda01 avatar Sep 21 '22 19:09 nadeda01

Maybe explain your work arounds?

jkroepke avatar Sep 21 '22 19:09 jkroepke

We have about 98.7$ (a few bucks lower maybe when transaction fees apply) ready for a windows sign cert. Do you have any recommendations for a purchase ? I am thinking about comodo : 85$ for one year @sanarena @jkroepke @janhoy

MuhammedKalkan avatar Oct 01 '22 19:10 MuhammedKalkan

I do not have much experience in code signing. I found this one a bit cheaper.

sanarena avatar Oct 07 '22 17:10 sanarena

I tried to purchase from comodo but sectigo which issues certs demanded id with the address written on it. Unfortunately we dont have that kind of id and they rejected my documents. Talked them twice on the phone and decided to get a refund.Might be a 3rd talk because 2 days already passed. Still waiting for that, i am afraid that there might be a possibility that they may not refund it. Such a headache for just a cert

MuhammedKalkan avatar Oct 07 '22 19:10 MuhammedKalkan

@MuhammedKalkan If this is still open, you can contact us. We could sign LTE versions of OpenLens for you and it would be great to have a cool "Sponsored by United Manufacturing Hub" banner somewhere. If you are interested, feel free to contact us:

https://www.umh.app/

Ask in your message for jeremy :)

JeremyTheocharis avatar Oct 21 '22 13:10 JeremyTheocharis

@JeremyTheocharis Thanks for the offer. We are talking details about this in discussions section. We have collected money for the cert , just trying to find someone to buy and money transfer issues.

About a banner, i suppose you are referring to put something inside the app. In that case we are not modifying the source code in any means. However, we can add a shout out inside README file of the repo.

Also signing and producing the binaries are automated. So we need to define cert as a secret inside this repo. Thats an easy thing to do, once we define cert owner as a collaborator.

MuhammedKalkan avatar Oct 21 '22 15:10 MuhammedKalkan

@JeremyTheocharis Thanks for the offer. We are talking details about this in discussions section. We have collected money for the cert , just trying to find someone to buy and money transfer issues.

About a banner, i suppose you are referring to put something inside the app. In that case we are not modifying the source code in any means. However, we can add a shout out inside README file of the repo.

Also signing and producing the binaries are automated. So we need to define cert as a secret inside this repo. Thats an easy thing to do, once we define cert owner as a collaborator.

Due to legal reasons, we would not be able to give the certificate to anyone else. If you want to do it automatically, then we need to ensure that we maintain full control over the signing process, which is likely only possible if we use as company our own repository.

So two ideas:

  1. We do the building and signing manually once per month for major releases
  2. We clone your repository, give you write access to everything except the main branch, and setup the signing process for the main branch. With this we can ensure that nobody can sign in our company name.

If you are interested, my colleague can take over with the purchasing and setup process

JeremyTheocharis avatar Oct 24 '22 11:10 JeremyTheocharis

We successfully purchased an EV Code Signing Certificate and will setup signed executable files in the upcoming days. These certificates are hardware bound (HSM), so we cannot setup automated code signing and need to do it manually.

@MuhammedKalkan: Please contact us to align on how we want to proceed here: www.umh.app

JeremyTheocharis avatar Nov 09 '22 09:11 JeremyTheocharis

Hi together,

we successfully forked this repository and will offer signed binaries for Windows in the new repository: https://github.com/united-manufacturing-hub/UMHLens

Regards, Jeremy

JeremyTheocharis avatar Nov 11 '22 10:11 JeremyTheocharis

Hi @JeremyTheocharis ,

Sorry for the late response. Decision was to continue auto signing process and now it is also completed. Thank you for your time and offer

MuhammedKalkan avatar Nov 20 '22 12:11 MuhammedKalkan