This one is not anti-virus. It is just Microsoft saying that it hasn't seen this program running much. That is not surprising as Joplin 3.5.11 has only just been released. Over time as Microsoft watches its users install this app it will class it as "recognized" and the warning will no longer appear.
This may also be because the code signing certificate was recently updated. Normally this error disappear after a few days, once Windows knows about the certificate.
Thank you for reporting it as a false positive! I assume the more such reports they get, the faster the app and certificate get whitelisted
Windows has gone to an assumption of guilt instead of innocence. If you are one of the first to install any EXE update, you’ll get that. If it isn’t on the allow list, it is not accepted. They update their list, but if you use programs that are not wildly popular and you update soon after the updates come out, expect this message. There is nothing the developer can do.
Partially, this is a good idea. Partially I think it is to try to force developers to distribute their products through the Microsoft store instead of as EXE files.
Given how difficult it is to get a code signing certificate and how much it costs, not to mention the infra to get the app signed, you'd think the certificate would mean something, but indeed not really.
And I can't think of any other vendor that does this. Apple trusts their certificates - if you notarize and app it's trusted, same with Android, etc. Indeed moving the app to the MS App store is something I considered when I was struggling to get a new certificate but it's not really an option as we'd lose a lot doing this.
I’ve never purchased anything from the Microsoft Store. I also am a LOCAL user on my Windows computer, which is also something Microsoft is trying to stop people from doing. I moved my Windows 10 clients to use 0patch for updates instead of purchasing a Windows update because they required that it was not only purchased from their store but needed to be set up as a Windows user, not a local user. After all that was done, and the Windows user was created, and their documents folder, pictures folder etc. were made and all the hoops trying to get the user to get onedrive and store everything in the cloud and use Windows backup, then they’d have to uninstall that user. Then return to their local user account.
They don’t want it to be our computer, they want it to be their computer they are allowing us to buy and use.
