Transferring Microsoft SmartScreen reputation to renewed certificate

To complement the comment by @JozefIzso: The binary became trusted after about one month. While the further release become trusted after about 10 days only, third release did not become trusted for weeks again.

It does not look like a standard code signing certificate can be used nowadays. We gave up and went for EV certificate.


As you've figured out you can't transfer it, and you're stuck without using EV. Because you've got a new certificate, it took some time for your software to be verified as safe. What I think is happening now is that your signing certification is still seen as relatively new, and needs to build up reputation, but because the previous software release was all ok I would expect that reputation build up is quicker this time.

The only definite way to speed this up is to get EV certificates. However, by submitting new releases here: https://www.microsoft.com/en-us/wdsi/filesubmission you may be able to increase reputation. This blog has some interesting statistics and spotted some potential patterns: https://www.coretechnologies.com/blog/windows/microsoft-smartscreen-filter/

One potential way to get around this, at least relatively recently, was to have an installer that changes code very infrequently. This code then downloads the program in the background and this would often work. Unfortunately, I don't think that's going to work for WinSCP (which is very useful btw, keep up the good work!).