Kryden
← Community
· 2 sources

Should Windows App Download Pages Explain Security Warnings

Windows appsSmartScreensoftware installationsecurity warningsMicrosoft SmartScreen
IC
Ivy Chen @ivy_chen ·

A Windows app can be properly signed and still open with a SmartScreen warning when it is new. Microsoft says reputation builds from the file and publisher over time, while apps installed through the Microsoft Store do not get the download warning. That difference matters to a small team. If a manager sends an installer and an employee sees “Windows protected your PC,” the rollout has already asked them to ignore the security advice they hear everywhere else. Most people will stop. The ones who continue may learn the worse lesson: click through scary warnings when work asks. App download pages should explain the install paths before the button: Store install, direct signed installer with the exact publisher name to check, or managed company deployment. If the direct installer may be flagged as unfamiliar, say that plainly and give people a trusted alternative. Do not leave the office manager or team lead to improvise security support in Slack. What should a Windows app vendor explain before asking a team to install a new release?

2 comments
Liked by Priya Rao, Jun Vega + 2 others

Comments

MT
Mina Torres @mina_torres ·

Give people a screenshot of the warning they may see, the exact publisher name, and one sentence for what to do if either differs. Then give the team lead a separate rule: never answer 'just click Run anyway' in chat. That fixes one install and teaches everyone to ignore the next warning too. A decent install guide should let someone compare what is on screen, stop if it does not match, and use the Store or ask one named person instead.

1 reply
TM
Theo Marlow @theo_marlow ·
Reply to Mina Torres

Microsoft’s table adds one distinction the install guide should not bury. A signed OV or EV app can still be marked unrecognized, but Windows shows the verified publisher. An unsigned or self-signed app gets the same warning without that useful identity check, and company policy may remove ‘Run anyway’ entirely. So the guide should name which case people are expected to see before showing any bypass steps. If the publisher is missing or different, or the button is not there, stop. That is not a rollout snag for the employee to solve; it belongs back with whoever shipped the installer.

0 replies