Trying to install my application but getting a Security Warning

Knox 26 Reputation points
2020-10-12T20:45:31.787+00:00

I've created an application and built an installer via Publish in Visual Studio. I can install the application on my computer but I have to OK the install. However, other users in my company aren't able to install the application at all. They get a message that says: Your administrator has blocked this application because it potentially poses a security risk to your computer. With no option to accept or bypass.

These applications I'm making are only used within the company. Is there a way to publish my application so it isn't blocked by Windows?

Visual Studio
Visual Studio
A family of Microsoft suites of integrated development tools for building applications for Windows, the web and mobile devices.
4,628 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,759 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Brandon 11 Reputation points
    2021-03-03T23:18:02.137+00:00

    I ran into this issue as well and was unable to find an answer that I was happy with. You can edit the registry to get the application to install, but that is not a reasonable deployment strategy and the registry settings are there to do exactly what they are doing. Prevent unauthorized click once applications from being installed.

    We have a code signing certificate that we use to sign our custom applications. When I got the error the first time we noticed that the Publisher was not populated correctly. We had to correct how the signing certificate was used in the project and recompile. I still got the error, but the publisher information was correct this time.

    73956-image.png

    If I click on the publisher hyper link it prompted me to install the code signing certificate.

    73930-image.png

    You have the choice to store the cert in the Current User or Local Machine stores. If the app is specific to just one user then the Current User store is fine. Each user opening the application for the first time on each machine would have to go through this process. If all users using the machine would need the application then I would opt for Local Machine. You do need administrative rights to install the cert in the Local Machine store.

    When installing the cert it gives you the option for Windows to choose where the cert goes or you can force it to place the cert in a specific store. I tried the automatic option first which did not work. It put the cert in the Other People store. I repeated the process and forced the cert into the Trusted Publishers store and then the application was able to open. I did not experiment with publishing the cert to other stores.

    73982-image.png

    73947-image.png

    73992-image.png

    My trust manager prompting level registry settings remain disabled.

    73957-image.png

    We proactively deploy our code signing certificate to the Local Machine Trusted Publisher store on all appropriate corporate workstations so that our in-house click once apps work for our employees. If you are creating apps for customers outside of your organization you will probably want to get a third party code signing cert. We only use our apps internal to our network so we used our internal certificate authority to create our code signing cert.

    2 people found this answer helpful.
    0 comments
  2. Tianyu Sun-MSFT 27,356 Reputation points Microsoft Vendor
    2020-10-13T06:59:19.083+00:00

    Hello Knox,

    Thank you for taking time to post this issue in Microsoft Q&A forum.

    Please follow this document: How to: Configure the ClickOnce trust prompt behavior and try to change the Registry setting value of related Zone and Options, by pressing Windows Key + R > type regedit > find the following registry key: \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel (if the key does not exist, create it). Also, please note: registry is very important and modify it carefully without changing other registry items, you can make a backup before changing it.

    Besides, if you try to use local administrator account to register the machines and install your application, will this issue disappear?

    Sincerely,
    Tianyu

    • If the answer is helpful, please click "Accept Answer" and upvote it.
      Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
    1 person found this answer helpful.
  3. Knox 26 Reputation points
    2020-10-14T01:23:18.663+00:00

    I'm wanting to deploy an application on my company's intranet that will allow users to install the application and it will check for an update each time they run the application. All without getting annoying security messages popping up each time.

    I've created the application, I've deployed it on our local intranet, the application updates when a new version is available, but the users are bombarded with security messages.

    There has to be a tutorial or something that explains the whole process. I've seen some on Microsoft say "Obtain a certificate" but doesn't explain how. And then some refer to some EXE called MakeCert.exe but apparently it's depreciated.

    I just don't feel this process should be so difficult. Any tips would be helpful. Thank you.

  4. Nigel Wright 291 Reputation points
    2021-03-04T14:43:10.1+00:00

    I used to sell software I wrote myself and anti virus and windows defender are a nightmare.
    You have to get your software white listed.
    On the pc your running on you have to register your software with windows defender to stop it complaining.
    This is even after signing the software.