Feature: `gsudo --ti` to run as TrustedInstaller

[xmrv]

I know this has been discussed before but I'd like to come up with a couple examples as to why TI is a good addition and AV detection should not be a consideration.

• Users of such tools know how to deal with AVs and often uninstall them completely.
• Similar project nsudo (LC) offers TI without virustotal detection (longer syntax though).
• Some Windows registry keys related to customization need TI to change them (HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Network).

I am by no means a seasoned dev, just thought this would be a god tier tool if TI was an option.

[gerardog]

Thanks for your input. I understand that running as TI is useful for some audience.

If gsudo is flagged as virus by Microsoft Defender, or any top 5 av vendor, means game over for the project. Not only for the less techy audience who can't configure an AV. Who would run elevated a downloaded program flagged as virus? Certainly not me.

The functionality can be added and, whenever is ready, will have to launch as pre-release for a while. Let's test how AV vendors respond.

[gerardog]

How does "gsudo --ti" argument sound ? Check out https://ci.appveyor.com/project/gerardog/gsudo/builds/43343399/artifacts

Replace your gsudo.exe folder contents with those artifacts. Let me know if you tested it and any issue. Edit: not happy with the implementation.

[xmrv]

Sounds good and it worked, thank you. Should I send false positive reports to AVs now or wait for a signed build or both?

[gerardog]

Do not submit to AV vendors yet. Let me review the code and I will release a signed build. I had trouble getting a TI token from Trustedinstaller service, so I used the SCHTASK method, but I still want to give it another try.

[gerardog]

Updated build artifacts:
https://github.com/gerardog/gsudo/actions/runs/2989503528 (scroll down)

[xmrv]

First and most importantly, thank you.

The executables do not have a signiture when checked with sigcheck. So am I correct to assume I should still wait for the signed build for submission?

[gerardog]

The wait is almost over! I renewed the certificate this week. Later today or tomorrow.

[gerardog]

The new certificate needs to build up some reputation in order to avoid being flagged as potentially unwanted app.

I've submitted v1.4.1 to Microsoft Defender...

But the warning still shows up.

[xmrv]

Using the guides here and here I've submitted gsudo.exe to nearly 70 vendors in addition to a manual submission via Defender.

https://i.imgur.com/O7IdqNL.png

https://i.imgur.com/EvixEaX.png

https://i.imgur.com/avhaNxE.png

[gerardog]

This feature has shipped in the v1.5.0 release. It will be marked as a pre-release for at least a few days until SmartScreen gathers enough "reputation". Please do not submit to av vendors, unless it is flagged as virus.