The installer can be unblocked by opening its Properties dialog and ticking the Unblock box near the bottom of the General tab.
Update from SHA-1 to SHA-2 Certificate authorities should no longer sign newly generated certificates using the SHA-1 hashing algorithm. Customers should ensure that their certificate authorities are using the SHA-2 hashing algorithm to obtain SHA-2 certificates from their certificate authorities. To sign code with SHA-2 certificates, see the guidance on this topic at Windows Enforcement of Authenticode Code Signing and Timestamping."
this is the first and only instance of Windows SmartScreen ever flagging a foobar installer, and in this case it seems to believe the 1.3.10 installer is from an unknown publisher.edit: also this issue is occurring with both the SHA-256 signed installer and the previous one from last week.
Quote from: Jailhouse on 28 March, 2016, 10:14:27 AMThe installer can be unblocked by opening its Properties dialog and ticking the Unblock box near the bottom of the General tab. Hmm, I don't see this option. I'm running Win10 Pro Insider Build 14291.
Yes, so it is essentially StartSSL fault, thanks for the effort.If Microsoft tools consistently reported failure, it would be at least easier to explain to them; instead they just blame Microsoft SmartScreen.It's even funnier that with my certificate, I cannot sign anything outside my Windows 7 VM used for foobar2000 compiling and packaging, signtool running natively on my Windows 10 workstation refuses to sign, but it won't say in detail why the cert chain is wrong.
For the policies being enforced for code signing and timestamping certificates at what level of the PKI hierarchy is the policy being enforced at?The policies will be enforced for all the certificates under the root certificate (i.e. the leaf and intermediate certificates)
Anyway, with the signature removed, we no longer trip SmartScreen as far as I can tell.