Application digitally signed with EV Certificate behaves differently when built in AzDO Pipeline
We have a desktop application that has historically been built on a local developer machine using Advanced Installer. When signing with the EV certificate, it receives the value from Azure Key Vault without issue.
However, we have recently begun moving to an automated pipeline in Azure DevOps. We still use Advanced Installer in the pipeline and access the same certificate for signing. When the pipeline completes, the EXE and MSI that are created get placed in a storage account.
However, the artifacts that are created in the pipeline trigger the Windows Defender SmartScreen warning, whereas the locally built executables do not.
I was under the impression that the EV certificate would help prevent situations like this.
We are looking for a solution that prevents SmartScreen from triggering on the pipeline builds, but are not sure of the best approach. Is the recommended approach to include the malware analysis scan and submission within the pipeline? And, if so, is there a delay between that process and the application being considered safe?