phargogh
commented
2 weeks ago This SO answer suggests that because we are using a new certificate, it will take a little time (a few days maybe?) for SmartScreen to trust it. So we can/should expect this issue to recur whenever we get a new certificate. The way around this is some kind of special certificate called an “Extended Validation” code signing certificate, which does not have this trust period.
We've confirmed from a few folks that downloading the InVEST 3.14.2 workbench have been seeing a smartscreen alert (see image below) despite the binary having been signed, as demonstrated on the popup. This wasn't always the case - is it possible to avoid this popup the first time the application starts?