Windows help wanted - trying PJRC's new code signing cert

PaulStoffregen

If you're using Windows and have a moment to help, please download this freshly compiled Hello World program (it just prints "Hello World" if run from command line).


This EXE file is supposed to be properly signed. But I had to completely rework how I sign EXE files, since they changed the rules for certs sometime in 2023. It used to be just a P12 file with both key and cert, but now the private key part is delivered on a Yubikey hardware token. I had to install a bunch of Yubikey and PKCS11 crypto stuff. Looks like I probably got it working, but I'm hoping you can be the judge of that....

This new cert doesn't have SmartScreen reputation yet, so even if the signature is good your browser might object or the message might be something about the program not being commonly downloaded.

If you right-click and look at properties, it should have a Digital Signatures tab that says the program is from PJRC.COM, LLC. The Details should show it has a signed timestamp of today (March 21) and the CA is SSL.com.
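
The same check as the Digital Signatures tab, done from PowerShell; this is an added example and not part of the original post. `$Path` is an assumed download location, and the expected publisher and CA strings are the ones quoted in the post above (that the issuer name contains "SSL.com" is an assumption).

```powershell
# Added example, not from the thread. $Path is an assumed download location;
# the expected publisher and CA strings are the ones quoted in the post above.
$Path              = Join-Path $env:USERPROFILE 'Downloads\hello2.exe'
$ExpectedPublisher = 'PJRC.COM, LLC'
$ExpectedIssuer    = 'SSL.com'   # assumption: the issuer name contains this string

# Validates the embedded signature and builds the chain against the local trust store.
$sig    = Get-AuthenticodeSignature -FilePath $Path
$signer = $sig.SignerCertificate
$tsa    = $sig.TimeStamperCertificate

[pscustomobject]@{
    Status       = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
    Message      = $sig.StatusMessage
    Signer       = $signer.Subject
    Issuer       = $signer.Issuer
    Thumbprint   = $signer.Thumbprint
    CertNotAfter = $signer.NotAfter
    Timestamper  = $tsa.Subject         # empty when there is no countersignature
} | Format-List

$problems = @()
if ($sig.Status -ne 'Valid') {
    $problems += "status is '$($sig.Status)': $($sig.StatusMessage)"
}
if ($signer.Subject -notlike "*$ExpectedPublisher*") {
    $problems += "signer subject does not contain '$ExpectedPublisher'"
}
if ($signer.Issuer -notlike "*$ExpectedIssuer*") {
    $problems += "issuer does not contain '$ExpectedIssuer'"
}
if (-not $tsa) {
    # Without a timestamp the signature stops validating once the signing cert expires.
    $problems += 'no timestamp countersignature'
}

if ($problems.Count -eq 0) {
    "OK: $Path is signed by the expected publisher and is timestamped."
} else {
    "CHECK FAILED for ${Path}:"
    $problems | ForEach-Object { "  - $_" }
}
```

A `Valid` result here says nothing about SmartScreen reputation, which is tracked separately from signature validity.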
 
Here you go. On Windows 10.
My Chrome browser downloaded it fine, hello2.exe runs fine from command line.

1711042012509.png


1711042034091.png


Paul
 
Edge on Windows11 Home,
Version 10.0.22631 Build 22631
AV: McAfee

Make sure you trust hello2.exe before you open it

Microsoft Defender SmartScreen couldn't verify if this file is safe because it isn't commonly downloaded. Make sure you trust the file you're downloading or its source before you open it.
Name: hello2.exe
Publisher: US, Oregon, Sherwood, "PJRC.COM, LLC", "PJRC.COM, LLC"

Keep anyway.

execution shows: Hello World

digital signature: same as PaulS
 
Windows10 Pro and whatever Explorer calls itself today.
BitDefender did not like it.
....and following Windows thought:-
zz.png

z.png
 
Norton complained about 3 times about it not being a common download, "Are you sure..."
But after that I was able to run it. Norton also scanned it and said nothing is wrong.
 
Got these notes downloading and trying to keep it ... then reported as SAFE ... then it was determined to be 'Virus detected'
Windows 11 - active AV is MSFT Defender - Windows Security ...
That was with EDGE - same end result in Brave browser
<edit> return to KEEP ANYWAY keeps detecting virus and removing
1711047021455.png

1711047030085.png

1711047041308.png

1711047049344.png

1711047058101.png
 
Turning this off allowed keeping download and running it:
1711047565061.png


<edit>
MalwareBytes scanned and found no issue.
But enabling the above had the EXE deleted as a virus.
 
Downloaded and ran on windows 11 with Norton. Saw the same as @defragster - reported it safe to MS, then said keep anyway with no issues with Norton. Ran hello2.exe and ran fine - and saw the same signature as @PaulS
 
Have not seen download problems with 'false positives' in recent memory. And last TD updates have had no issue with any EXE changes for IDE 1 or IDE 2.

Tried download again and failed - the 'RULES' hadn't been updated for Virus.
Did Windows Update:
1711063164154.png

After that the download worked - so reporting as SAFE must have fed into a "RULES" database to accept.
Though still ID'd it as:
1711063258034.png

And had to select "...": 'Keep' and then 'Keep anyway' and then it survived to save and to run and also survived a 'Manual Scan' of the file by Defender.
 
@PaulStoffregen : Wondering if you made another test EXE - now that your NEW CERT has been tested and approved once - if it might be better accepted?

It would only work with the most recent Update to the Windows Defender Smartscreen 'database' - but it might have moved from 'Never seen untrusted' to 'Cert seen without issue' or better.
 
Sure, here's another test. Basically the same, but prints a slightly different hello message. ;)


Based on what we saw 3 years ago with 1.54 beta #7, my guess is we've got a few beta versions to go before SmartScreen warms up to PJRC's new certificate.
 
That worked - just had to find and select "KEEP" two times.
Code:
>"C:\Users\TimLabs\Downloads\hello3.exe"
Hello Defragster
It was not deleted, and a manual scan with Defender did not find any issue.
And that was before manually checking for this update that came in:
1711339679243.png

After that it still required a double 'KEEP' at this point - but no issue with it being removed or not executing.
> That .695 is a big uptick from the .608 noted above.

A connected system seems to regularly update automatically as the list below shows on a connected machine:
1711340053482.png
 
Microsoft Windows complained twice, as mentioned. Then Norton ran on it and said something like, scanned, ...

But I think there is a bug in it:
Code:
C:\Users\kurte\Downloads>hello3
Hello Defragster
As I am not Defragster
😉
 
Bash:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows

PS C:\Users\chris\Downloads> .\hello3.exe
Hello Defragster

So it runs fine from a shell; double clicking it still gives the "Windows protected your PC" nonsense.
 
Does right click properties show it as BLOCKED - - not seen that here but downloads can get marked that way too and require flipping that switch to allow it to run.
 
Hopefully it is CERT trust that will build with more exposure as it is NEW - even though PJRC NAME is common from prior.

Still needed Double Keep - with EXE name change it will still be inclined to show this as 'not commonly downloaded':
1711584820131.png


Until doing the Keep/Keep the download is sequestered by Edge:
1711584837006.png

And then from Explorer the file is still marked 'might be blocked':
1711584905155.png

Running from Explorer runs and exits of course - but from CMD window it runs fine -
Code:
C:\Users\xyz>"C:\Users\xyz\Downloads\hello4.exe"
Hello Kurt

Some prior copies are still marked Blocked - but will execute from CMD. No pop-up warning on double click execute - but the appearing CMD window exits before content is visible.
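
The "blocked" state shown in Properties is stored with the file as the `Zone.Identifier` NTFS alternate data stream. The following added example (not part of the original posts) reads that marker and clears it only when the Authenticode signature validates for the publisher named in this thread; `$Path` is an assumed location.

```powershell
# Added example, not from the thread. $Path is an assumed download location.
$Path      = Join-Path $env:USERPROFILE 'Downloads\hello3.exe'
$Publisher = 'PJRC.COM, LLC'   # publisher name as quoted earlier in the thread
$zoneNames = @{
    '0' = 'Local machine'; '1' = 'Local intranet'; '2' = 'Trusted sites'
    '3' = 'Internet';      '4' = 'Restricted sites'
}

# The Properties "Unblock" checkbox reflects this alternate data stream.
$motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

if (-not $motw) {
    "No Zone.Identifier stream: $Path is not marked as downloaded."
} else {
    # The stream is a small INI-style text block, e.g. [ZoneTransfer] / ZoneId=3.
    $zoneId = $null
    foreach ($line in $motw) {
        if ($line -match '^ZoneId=(\d+)') { $zoneId = $Matches[1] }
    }
    "Marked as downloaded, ZoneId=$zoneId ($($zoneNames[$zoneId]))"

    # Only remove the marker when the signature checks out for the expected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like "*$Publisher*") {
        Unblock-File -LiteralPath $Path
        "Signature valid for '$Publisher'; marker removed."
    } else {
        "Signature status '$($sig.Status)'; leaving the file blocked."
    }
}
```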
 
This latest one appears to work...

Got the two messages that Defragster mentioned and then:

1711626273508.png


And ran from terminal window and it worked
 