runt1me
commented
1 year ago Just rolled out the new stormcloud executables which are now signed. It does appear to mitigate the Microsoft SmartScreen alert, but we should confirm across multiple Windows OS'es so we don't get any unfortunate surprises when working with a real customer.
EccentricKnight
@EccentricKnight brought up that Malwarebytes flagged the stormcloud EXE as malware. After doing some research online, it appears that this signature may be related to the fact that we are using pyinstaller to build our python code as an EXE.
There are likely many ways to mitigate this signature; the first recommended way involves recompiling pyinstaller on our local (development machine) and then rebuilding stormcloud with pyinstaller, as described in this article:
This issue also reminded me that we should look into the process of code signing. Code signing is an important step to raise the reputation and legitimacy of our software to operating systems (Windows in particular; I'm not sure how the signing process works on Mac or Linux). This page has an overview on code signing for Windows.
Finally, if the above steps do not work to mitigate alerts, we can reach out the Vendors directly and submit a false positive report. This article has some good information on how that process works.
Estimated story points: 10