We're a small 4-man team working on an indie games marketplace.
Like several previous posters before us, we are having trouble with the Windows Defender SmartScreen blocking our app. The most common message is "File is not commonly downloaded" but sometimes it also reads something like "Windows Protected your PC."
We've received a number of complaints from our users about the SmartScreen warning message, and it's badly hurting our efforts with user acquisition.
In accordance with previous threads we found on this topic, we have tried:
Code Signing - we sign our code through DigiCert, and have done so for nearly 5 months; the message has not gone away. As we use AWS for our servers, we don't have any way to use an EV Code Signing hardware token.
Microsoft Code Review - We submitted our files to Microsoft for malware analysis. The analysis came back clean, even with a note saying they could not reproduce the warning, and yet, both our own testing and our users confirm the Windows Defender message is still happening.
Becoming a Microsoft Partner - Unfortunately, even after getting approval and confirmation, absolutely nothing has changed.
Everything I can find online about getting our app whitelisted is about whitelisting specific programs from the user side -- not very useful for convincing people we're safe to download. There are two threads on Stack Overflow that link to a blog article which has since been removed. Microsoft, Amazon, and DigiCert support have all been less than helpful.
My questions are:
1. Is Amazon CloudHSM a substitute for EV Code Signing? As stated above, we can't use a hardware token, but I have to imagine that AWS has some kind of substitute. We've never re-issued the serial on our current code signing cert, but I can't imagine 5 months is a normal turn-around time.
2. Does hosting the download link on our own domain make a huge difference? Currently, the download link leads to an AWS bucket. One website said that could potentially slow things?
3. What else are we supposed to do? We're not a large team and we're kind of stretched thin as it is. If anybody has any suggestions we haven't tried yet, I'm all ears.