Add File Hashes about whynotwin11 HOT 9 CLOSED

It shouldn't per its VirusTotal results it's not detected as a False Positive by Microsoft

The full results are here:
https://www.virustotal.com/gui/file/03ad9794200346d393ff1e14ece895ac8184a1fa179cc13561b3fdfe7a2df6d1/detection

I don't know the exact translation but I know that Chrome blocks uncommon downloads, this may be a similar feature.

from whynotwin11.

This is due to Microsoft Smartscreen. Not sure how you can bypass that other than disabling smartscreen.

from whynotwin11.

Consider printing the artifact's hash as part of the workflow @rcmaehl. While this won't help with Edge's warning, it will allow users to know that the binary they are downloading is built from this repo.

from whynotwin11.

I am pretty sure that @rcmaehl builds release builds locally. And to my knowledge autoit doesnt produce reproducible binaries (but I didn't read much into it, so maybe it is possible)

from whynotwin11.

Releases should have binaries from the CI. Safety is a concern with projects like this. As long as the build comes from the CI, there is no need for reproducible binaries. The process would go like this.

1. CI compiles binary.
2. CI prints hash of the binary.
3. New release is published with the CI's binary, either automatically or manually.
4. The integrity of the release's binary is verified by comparing its hash to the hash from the CI.

from whynotwin11.

Microsoft SmartScreen has block first-seen feature, which blocks executables are first seen on the Internet. Ignoring the prompt is okay for this project.
As for developer, a workaround is to zip the release executable file.

from whynotwin11.

zipping the file doesnt help much, this stuff happens literally all the time over in emulation projects where the builds can come out really fast, which doesn't give the heuristic network enough time and training to realize that they arent malicious

from whynotwin11.

Google chrome and Edge uses Chromium code base. File types that are mostly blocked are listed here https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/core/resources/download_file_types.asciipb

defender smart screen blocks them based on Authenticode certificates and file hash allowed. You can create the below registry key to allow the file type downloadable without warning

**Execute the below code in PS ISE ****

$regpath="HKLM:\Software\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings"

if (!(Test-Path $regpath)) {
New-Item -Path $regpath -Force
}

New-ItemProperty -Path $regpath -Name "1" -Value '{"domains": ["*"], "file_extension": "exe"}' -PropertyType String -Force

from whynotwin11.

Can be closed now.

from whynotwin11.