how to get rid of UAC warning in my PC application

Question

My problem: I have made a PC game (not created with Visual Studio) and turned it into a setup.exe by means of a setup creator. When running this setup file, the user will get this warning from Windows: "Do you want to allow this app from an unknown publisher to make changes to your PC?" My guess is that my file needs to be signed or certified somehow at Microsoft.

My question: Can anyone tell the correct steps I have to follow so that the user won't get this warning ?

Answer 1

Thanks guys. herewith a summary including some of the research I did myself in the meanwhile: The solution goes indeed through:

• Windows Store Publishing: in that case however mind that the setup is supposed to be MSI and the application UWP. So in my case I will need to do conversion with the Desktop Bridge
• Buying an Authenticode Certificate through a CA (certificate authority). Signing goes by means of signtool.exe which is part of the SDK. The signing command is entered through the command prompt screen. Here is a command line example in case Symantec is the CA: signtool.exe sign /a /s MY /n "appname" /fd sha256 /tr www.sha256timestamp.ws.symantec.com/sha256/timestamp /v "C:/ ..../mySetup.exe" Mind to use the new hash: sha256 in stead of the old one as discussed here

Answer 2

After some suggestions from @HarryJonhston I'll update the answer. and post the original answer below. Here is the update:

You haven't actually discovered the real problem yet. If your application is not digitally signed with EV certificate and it is downloaded from the internet, you'll get the security prompt much worse than that and most people won't be able to pass by without instructions as accept button isn't even visible by default (e.g. see it here http://labsii.com/share-to-speech-office-outlook-plugin-beta/).

So strictly speaking to answer your question you can get any certificate and Windows won't show on your device 'Unkown publisher' anymore, it will rather show the name of your company.

But as you will probably distribute the installer out of your device everything that I've said originally remains:

You need to sign the setup.exe with an EV certificate. They are rather expensive and hard to get.

You may also publish the game in the Windows Store as a way to avoid the prompt (it has some limitations but most games shouldn't have the problem to fit in), use the Desktop App Converter tool. You will need to sign as a Microsoft developer, but that's cheap comparing to all other options (20$).

You may also get a regular signing certificate which costs less, but it won't remove the prompt immediately, it will be removed only after Microsoft picks enough data that it can ensure that it is secure.

Answer 3

You can try getting the authenticode certificate I used. here is the link for that : https://www.sslshopper.com/microsoft-authenticode-certificates.html

I used digicert and they have good response times.