Is Digitally Signing EXE Required?
Forum rules
This is the right place for Ren'Py help. Please ask one question per thread, use a descriptive subject like 'NotFound error in option.rpy' , and include all the relevant information - especially any relevant code and traceback messages. Use the code tag to format scripts.
This is the right place for Ren'Py help. Please ask one question per thread, use a descriptive subject like 'NotFound error in option.rpy' , and include all the relevant information - especially any relevant code and traceback messages. Use the code tag to format scripts.
- SypherZent
- Veteran
- Posts: 362
- Joined: Fri Sep 02, 2016 3:14 am
- Completed: Multiverse Heroes, Space Hamster in Turmoil
- Location: Puerto Rico
- Contact:
Is Digitally Signing EXE Required?
Okay so, when I changed the icon for the .exe file to a custom icon, it started triggering Windows Defender and Antivirus software for users who downloaded the game. It took a while to figure it out, but ultimately it was the act of changing the icon that caused this to happen, nothing else.
The software becomes 'untrusted' or something like that when the icon is changed using a .ico when building distributions. We removed the .ico and the game stopped triggering Windows Defender and Antivirus software for users.
Do I need to purchase a Code Signing Extended Validation (EV) certificate and sign the .exe file in order to stop the game from being flagged by other people's machines when they download it? Or is there an alternative solution?
The software becomes 'untrusted' or something like that when the icon is changed using a .ico when building distributions. We removed the .ico and the game stopped triggering Windows Defender and Antivirus software for users.
Do I need to purchase a Code Signing Extended Validation (EV) certificate and sign the .exe file in order to stop the game from being flagged by other people's machines when they download it? Or is there an alternative solution?
-
- Miko-Class Veteran
- Posts: 793
- Joined: Fri Feb 09, 2018 12:05 am
- Location: Canada
- Contact:
Re: Is Digitally Signing EXE Required?
are you using the default code?
or are you using a custom code?
but do a full virus scan on your computer your pc might be infected
and do online virus scan to determined if it's a false detection from here
https://www.virustotal.com/gui/home/upload
Code: Select all
define config.window_icon = "gui/window_icon.png"
but do a full virus scan on your computer your pc might be infected
and do online virus scan to determined if it's a false detection from here
https://www.virustotal.com/gui/home/upload
- SypherZent
- Veteran
- Posts: 362
- Joined: Fri Sep 02, 2016 3:14 am
- Completed: Multiverse Heroes, Space Hamster in Turmoil
- Location: Puerto Rico
- Contact:
Re: Is Digitally Signing EXE Required?
I'm including a .ico file when building the distribution.
There is no custom code. I don't know what you are talking about.
Including a .ico file is how Ren'Py documentation says it must be done. (https://www.renpy.org/doc/html/build.html#special-files)
That window icon only changes the icon in the taskbar, not the .EXE icon, right?
I am talking about the .EXE icon, not the taskbar icon.
Also, there is no problem with my antivirus or my computer. Didn't you read my initial post??
Most people who download the game experience Windows Defender and their antivirus telling them the game is from an untrusted source.
I have read that the .EXE file has to be signed digitally, and that I have to spend $600+ to purchase a Code Signing certificate from a Windows Validated distributor so that my company can appear in Windows' trusted partner list on everybody else's machine, so when Windows Defender detects the .EXE it can cross reference it and see it is from a trusted and validated source. Apparently this is only required if actually editing the .EXE file to have a custom icon.
I want to know if there is a way to change the .EXE icon without triggering Windows Defender whenever I distribute my game.
I'm not talking about the WINDOW ICON or TASKBAR ICON. I'm talking about the image that appears on the .exe file itself.
There is no custom code. I don't know what you are talking about.
Including a .ico file is how Ren'Py documentation says it must be done. (https://www.renpy.org/doc/html/build.html#special-files)
That window icon only changes the icon in the taskbar, not the .EXE icon, right?
I am talking about the .EXE icon, not the taskbar icon.
Also, there is no problem with my antivirus or my computer. Didn't you read my initial post??
Most people who download the game experience Windows Defender and their antivirus telling them the game is from an untrusted source.
I have read that the .EXE file has to be signed digitally, and that I have to spend $600+ to purchase a Code Signing certificate from a Windows Validated distributor so that my company can appear in Windows' trusted partner list on everybody else's machine, so when Windows Defender detects the .EXE it can cross reference it and see it is from a trusted and validated source. Apparently this is only required if actually editing the .EXE file to have a custom icon.
I want to know if there is a way to change the .EXE icon without triggering Windows Defender whenever I distribute my game.
I'm not talking about the WINDOW ICON or TASKBAR ICON. I'm talking about the image that appears on the .exe file itself.
Last edited by SypherZent on Sun Aug 09, 2020 1:40 am, edited 1 time in total.
-
- Miko-Class Veteran
- Posts: 793
- Joined: Fri Feb 09, 2018 12:05 am
- Location: Canada
- Contact:
Re: Is Digitally Signing EXE Required?
this code is for exe and taskbar icon
and a custom code is something that you created not using the renpy coding
and I never said your computer was infected it was possible or theirs
and I told you that virus scan can detect a false virus regardless if you are using Code Signing certificate from a Windows Validated distributor
that from me bye have a good day
Code: Select all
define config.window_icon = "gui/window_icon.png"
and I never said your computer was infected it was possible or theirs
and I told you that virus scan can detect a false virus regardless if you are using Code Signing certificate from a Windows Validated distributor
that from me bye have a good day
- SypherZent
- Veteran
- Posts: 362
- Joined: Fri Sep 02, 2016 3:14 am
- Completed: Multiverse Heroes, Space Hamster in Turmoil
- Location: Puerto Rico
- Contact:
Re: Is Digitally Signing EXE Required?
Ok, I will give that a try. Last time I tested that, it did not change the .exe, but that was about two years ago.
Ever since that time I have been uploading games via Steam where the .ico file is requested separately from the game files (uploaded directly to Steam).
Unfortunately, asking my clients to check their antivirus software is not professional nor proper, so it's out of the question.
The game shouldn't be triggering a false positive at all, ever or it makes the company look bad.
I will see if the window_icon actually changes the .exe next time I build a distribution, and I'll see if it continues to trigger Windows Defender for others, thanks.
Ever since that time I have been uploading games via Steam where the .ico file is requested separately from the game files (uploaded directly to Steam).
Unfortunately, asking my clients to check their antivirus software is not professional nor proper, so it's out of the question.
The game shouldn't be triggering a false positive at all, ever or it makes the company look bad.
I will see if the window_icon actually changes the .exe next time I build a distribution, and I'll see if it continues to trigger Windows Defender for others, thanks.
- MaydohMaydoh
- Regular
- Posts: 165
- Joined: Mon Jul 09, 2018 5:49 am
- Projects: Fuwa Fuwa Panic
- Tumblr: maydohmaydoh
- Location: The Satellite of Love
- Contact:
Re: Is Digitally Signing EXE Required?
window_icon does only change the icon in the taskbar and the window, not the exe. Like you said, the .ico file is all that's needed to change the exe icon. But I do know some anti virus' detect renpy games as a false positive, which is a problem with the anti virus not renpy, but shouldn't be an issue with windows defender just 3rd party anti virus' I think. Other than that, I don't have any ideas.
- SypherZent
- Veteran
- Posts: 362
- Joined: Fri Sep 02, 2016 3:14 am
- Completed: Multiverse Heroes, Space Hamster in Turmoil
- Location: Puerto Rico
- Contact:
Re: Is Digitally Signing EXE Required?
Well that is why I asked the question. To my knowledge, it's not that the antivirus or Windows Defender is detecting a false positive, as much as something these operating systems have where you need to be on an internal 'verified developer' list which requires purchasing a license of sorts (or what they call a Digital Signing Certificate).
https://docs.microsoft.com/en-us/window ... ertificate
I want to know if there is a way around this, or if it is absolutely necessary like a standard procedure if I don't want my game being flagged on people's systems.
Going out to thousands of players, this may kill over 50% of my business, if the game is flagged by their antivirus, they may refund it immediately.
I cannot risk this happening. Not at this stage of my business.
https://docs.microsoft.com/en-us/window ... ertificate
I want to know if there is a way around this, or if it is absolutely necessary like a standard procedure if I don't want my game being flagged on people's systems.
Going out to thousands of players, this may kill over 50% of my business, if the game is flagged by their antivirus, they may refund it immediately.
I cannot risk this happening. Not at this stage of my business.
-
- Regular
- Posts: 111
- Joined: Fri Oct 11, 2013 12:46 am
- Contact:
Re: Is Digitally Signing EXE Required?
Have you tried creating a shortcut to your executable and changing the icon in the shortcut? If that doesn't trigger Windows Defender, it seems like a cheap compromise.
Re: Is Digitally Signing EXE Required?
It seems incredibly bizarre that having a custom icon is triggering a false positive with Windows Defender at all. Defender is usually pretty good in this day and age.
Can you check if you get the false positive when you remove the ico file from the project and rebuild? Or if it happens with a different icon?
Can you check if you get the false positive when you remove the ico file from the project and rebuild? Or if it happens with a different icon?
Re: Is Digitally Signing EXE Required?
If you change exe icon your binary is changed, if binary is changed then digital signature become invalid, if digital signature is invalid then at best it is treated as non-existent, at worst as if exe was tampered by malware. Plus more and more systems flag unsigned binaries as "potential malware", even if there is virtually no code at all.
General solution would be getting proper code signing for your exe/dll/whatever. Prices usually starts at 75-100$/yr, if you don't plan to change binaries in future then minimal possible term is fine, as you need to sign binary only once while certificate is valid. Main problem tho is you actually need to be verified.
Idea with shortcut/link file may actually work, try it.
Maybe PyTom might offer extra service, re-signing exe files with custom icon and version info manifest, as there will be no risk and he need to sign exe files anyway. Try to ask him maybe, he does mac-related things already i believe, might help with win ones too.
General solution would be getting proper code signing for your exe/dll/whatever. Prices usually starts at 75-100$/yr, if you don't plan to change binaries in future then minimal possible term is fine, as you need to sign binary only once while certificate is valid. Main problem tho is you actually need to be verified.
Idea with shortcut/link file may actually work, try it.
Maybe PyTom might offer extra service, re-signing exe files with custom icon and version info manifest, as there will be no risk and he need to sign exe files anyway. Try to ask him maybe, he does mac-related things already i believe, might help with win ones too.
I may be available for hire, check my thread: viewtopic.php?f=66&t=51350
- SypherZent
- Veteran
- Posts: 362
- Joined: Fri Sep 02, 2016 3:14 am
- Completed: Multiverse Heroes, Space Hamster in Turmoil
- Location: Puerto Rico
- Contact:
Re: Is Digitally Signing EXE Required?
Ok, I will do some testing with a shortcut file.
Still have a few weeks before I dedicate time to the .ico again. Am in a crunch phase right now (hence the delayed replies).
Thanks for the replies, everyone, will update if/when I find a solution.
Still have a few weeks before I dedicate time to the .ico again. Am in a crunch phase right now (hence the delayed replies).
Thanks for the replies, everyone, will update if/when I find a solution.
Who is online
Users browsing this forum: Ahrefs [Bot]