I distribute freeware AHK apps compiled with Ahk2Exe. More and more often, users installalling one of the apps receive malware alerts from their protection software. To prevent this, I want to sign my exe compiled files with a certificate. Does anybody here has experience with this?
From my research, I understand that I have to:
- buy a certificate "Microsoft Authenticode certificate" from one of the trusted root certificate
(http://social.technet.microsoft.com/wik ... april.aspx)
(http://www.softwarepublishercertificate.com/)
- install the Windows 10 SDK in order to use the SignTool.exe utility included in this kit.
(https://developer.microsoft.com/en-us/w ... ows-10-sdk)
- use the SignTool.exe
(https://msdn.microsoft.com/en-us/library/8s9b9yaz.aspx)
(how-to from a certificate vendor: https://www.digicert.com/code-signing/s ... d-line.htm)
This is where I am in my research. Would you have any advice or suggestions? Any specific advice related to signing apps compiled with Ahk2Exe?
Thanks,
Jean
Code signing certificates for AHK compiled scripts
Code signing certificates for AHK compiled scripts
Last edited by JnLlnd on 09 Aug 2016, 16:20, edited 1 time in total.
Author of freeware Quick Access Popup, the powerful Windows folders, apps and documents launcher!
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Re: Code signing certificates for AHK compiled scripts
Thanks, I have not found it when I searched the forum. I'm going to read it right now.
Author of freeware Quick Access Popup, the powerful Windows folders, apps and documents launcher!
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Re: Code signing certificates for AHK compiled scripts
To follow-up about the thread mentioned by Guest, yes, Mr Joe knows. This thread answered most of my questions. The author of the OP had issue with its signed compiled file but this was related to using an incorrect version of the AutoHotkey runtime, not about the signing itself.
One question remains. Is is correct to think that signing an exe will prevent malware false alerts as described in this thread?
One question remains. Is is correct to think that signing an exe will prevent malware false alerts as described in this thread?
Author of freeware Quick Access Popup, the powerful Windows folders, apps and documents launcher!
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Re: Code signing certificates for AHK compiled scripts
It may or may not reduce the risk of false positives. I doubt that every antivirus cares about digital signatures and "Microsoft Authenticode", but if you're specifically concerned about MSE and Defender, it might help.
It might reduce the risk of "red flags", like Microsoft's SmartScreen service preventing your file from being download/run due to lack of "reputation".
It might reduce the risk of "red flags", like Microsoft's SmartScreen service preventing your file from being download/run due to lack of "reputation".
Re: Code signing certificates for AHK compiled scripts
Thank you for this follow-up, Lexikos. I was a little more optimistic about the effect of digital signature. But, as you mentioned, it won't hurt...lexikos wrote:It may or may not reduce the risk of false positives. I doubt that every antivirus cares about digital signatures and "Microsoft Authenticode", but if you're specifically concerned about MSE and Defender, it might help.
It might reduce the risk of "red flags", like Microsoft's SmartScreen service preventing your file from being download/run due to lack of "reputation".
Author of freeware Quick Access Popup, the powerful Windows folders, apps and documents launcher!
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Now working on Quick Clipboard Editor
The Automator's Courses on AutoHotkey
Re: Code signing certificates for AHK compiled scripts
Hi,
I was looking for cheapest solutions for this and I came across K Software with free ksign companion program.
They are a Comodo reseller.
http://codesigning.ksoftware.net/
https://www.raymond.cc/blog/cheapest-co ... getting-it
I would want to use it for signing a Unicode AHK_L mpress compiled exe inside a XXXsetup.exe file made with
INNO Script Studio Setup Compiler.
Anyone tried this? Would it work for above. It seems cheaper and the free ksign seems much simpler than all
the MS routines. I would want to use it within the INNO Script Studio (Inno Setup Compiler v5.5.4 u) program
to auto add the signing whenever I update the setup.exe file.
Anyone know about the coupons referred to in the raymond.cc blog link posted above?
I am using old W7, 32 bit, IE11
Thanks
I was looking for cheapest solutions for this and I came across K Software with free ksign companion program.
They are a Comodo reseller.
http://codesigning.ksoftware.net/
https://www.raymond.cc/blog/cheapest-co ... getting-it
I would want to use it for signing a Unicode AHK_L mpress compiled exe inside a XXXsetup.exe file made with
INNO Script Studio Setup Compiler.
Anyone tried this? Would it work for above. It seems cheaper and the free ksign seems much simpler than all
the MS routines. I would want to use it within the INNO Script Studio (Inno Setup Compiler v5.5.4 u) program
to auto add the signing whenever I update the setup.exe file.
Anyone know about the coupons referred to in the raymond.cc blog link posted above?
I am using old W7, 32 bit, IE11
Thanks
Return to “Other Utilities & Resources”
Who is online
Users browsing this forum: No registered users and 33 guests