Operating system
Windows
Joplin version
3.5.11
Desktop version info
Joplin 3.5.11 (prod, win32)
Enhet: win32, 12th Gen Intel(R) Core(TM) i7-1255U
Klient-ID: 9838292c162840c9bd19755e13afa6ad
Synkroniseringsversion: 3
Profilversion: 49
Nyckelring som stöds: Ja
Alternativt instans-ID: -
Revision: e75875c
Backup: 1.5.1
Freehand Drawing: 4.2.0
What issue do you have?
Windows 11 Defender raised an anti-virus warning when I ran the installer. After checking that it's OK with F-Secure, I then chose to run it anyway.
I have reported the installer to Microsoft as a false positive, so hopefully that will solve the problem for other people, for this version at least.
Can there be a process for checking new installers so that they don't fall foul of Windows Defender?
1 Like
@jon-stewart welcome to the forum.
Was it actually a virus warning or one of these warnings?
This one is not anti-virus. It is just Microsoft saying that it hasn't seen this program running much. That is not surprising as Joplin 3.5.11 has only just been released. Over time as Microsoft watches its users install this app it will class it as "recognized" and the warning will no longer appear.
1 Like
This may also be because the code signing certificate was recently updated. Normally this error disappear after a few days, once Windows knows about the certificate.
Thank you for reporting it as a false positive! I assume the more such reports they get, the faster the app and certificate get whitelisted
Windows has gone to an assumption of guilt instead of innocence. If you are one of the first to install any EXE update, you’ll get that. If it isn’t on the allow list, it is not accepted. They update their list, but if you use programs that are not wildly popular and you update soon after the updates come out, expect this message. There is nothing the developer can do.
Partially, this is a good idea. Partially I think it is to try to force developers to distribute their products through the Microsoft store instead of as EXE files.
1 Like
Given how difficult it is to get a code signing certificate and how much it costs, not to mention the infra to get the app signed, you'd think the certificate would mean something, but indeed not really.
And I can't think of any other vendor that does this. Apple trusts their certificates - if you notarize and app it's trusted, same with Android, etc. Indeed moving the app to the MS App store is something I considered when I was struggling to get a new certificate but it's not really an option as we'd lose a lot doing this.
I’ve never purchased anything from the Microsoft Store. I also am a LOCAL user on my Windows computer, which is also something Microsoft is trying to stop people from doing. I moved my Windows 10 clients to use 0patch for updates instead of purchasing a Windows update because they required that it was not only purchased from their store but needed to be set up as a Windows user, not a local user. After all that was done, and the Windows user was created, and their documents folder, pictures folder etc. were made and all the hoops trying to get the user to get onedrive and store everything in the cloud and use Windows backup, then they’d have to uninstall that user. Then return to their local user account.
They don’t want it to be our computer, they want it to be their computer they are allowing us to buy and use.
1 Like
