Windows 10 Defender does not like the BrowserSelect installer

[lhagan]

I downloaded the installer from GitHub and was unable to install it on Windows 10 due to Windows Defender -- it flagged the installer as "Unknown" and did not provide any option to bypass. I think Defender doesn't like that it's an exe instead of a zip download as the former is easier for a user to run by mistake. Managed to work around without disabling Windows Defender by zipping the exe, moving it to an external drive, then moving it back, unzipping and running the installer.

It might be helpful to zip the installer download. Even better would be to code sign BrowserSelect, but I've heard this can be a real hassle (and possibly not free?) so I understand why would wouldn't want to do so.

[zumoshi]

Hello,

I've just tested v1.3.7 of browser select on a fresh install of win 10 and managed to install it without needing to make a zip file and using an external drive or even disabling windows defender.

upon download (using edge) as you suggested it displayed a warning indicating that you have downloaded an unsigned executable. However, it did not automatically delete it.

Upon trying to run I was faced with this warning from windows defender:

Again, it didn't say anything malicious was found, just that the code is not signed, (unrecognized). While it may seem there is no option to run it, that is not the case, the option is just hidden under the more info link:

pressing run anyway here, launched the installer without any more interruptions from windows defender.

While the "Correct" solution here is for me to sign my code, and I don't even mind the hassle neither, I failed to find any free certificates for code signing, and paying 100$+ yearly is not a feasible option for me.

[lhagan]

Thanks for checking this out. I don't think I have any special security settings enabled, but I do not get the "Run anyway" button after clicking "more info". I also tried downloading the file using Edge (instead of Opera) and running as Administrator, but neither of those gave me the "Run anyway" option.

[zumoshi]

it's strange that you don't have the "run anyway" option.

two other ways that I saw on the web (without disabling the windows defender) are:

1. unblocking file via right click->properties:

2. running from the command prompt: search cmd in the start, then Shift+right click on BrowserSelect and select Copy as Path then right click on the command prompt and press enter.

I have managed to run browserselect without disabling windows defender on a fresh install of windows 10 (v1703 build 15063) using all 3 methods.

see also: https://www.reddit.com/r/Windows10/comments/3fk6ks/how_to_unblock_a_publisher_on_windows_10/ http://www.tweaklibrary.com/2017/06/29/how-to-ignore-the-smartscreen-filter-in-windows-10-and-install-unrecognized-apps/

if your windows installation is somehow missing these options too but manages to install from a zip file, I will consider distributing browserSelect as a zip file.

[lhagan]

Thanks - these are obviously better workarounds than mine. While I could not find a way to get the "Run anyway" approach to work, both "Unblock" and running from cmd worked. "Unblock" is the easiest -- might be worth adding a note in the readme.

[Julime]

I think this should be reopened. The issue seems to be that the software is not signed correctly https://stackoverflow.com/questions/252226/signing-a-windows-exe-file

[zumoshi]

@Julime I've read the link you provided, but I didn't see anything I didn't already know. They suggest two approaches:

1. Create a self-signed certificate, which won't have any effect unless the user installs it as a trusted CA. Which works for corporate environments where the sysadmin can deploy the certificate, but not for random users. If anything the process of installing a certificate as trusted is scarier than ignoring an "unknown publisher" prompt after checking the executable with virus total.
2. Buying a certificate, which as I mentioned before I can't afford to at the moment.

If I missed something please reply with a quote to the relevant part(s). Alternatively, if you would like to donate a certificate I would use that from the next release.