ultim

Level 1
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response
Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
 

ZeroDay

Level 28
Verified
Malware Tester
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response
Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
Microsoft work like a Government. A dictatorship at times.
 

ultim

Level 1
I am glad to cooperate. Good job:)(y)(y)(y)
I installed v2.99.7. There seems to be a problem importing past settings.
Oh, okay, that should have worked, actually. Do you mean the automatic setting migration when you install a new version over an older one, or did you use the Import button in the management window after installation? The first one only works if you did not already uninstall the previous version.