01-10-2024 01:32 PM - edited 01-10-2024 01:58 PM
I am not a Windows programmer, but I do get to maintain a huge LabWindows PC host program. When we run an installer we built, we always get:
Windows protected your PC
I did not find that term when searching NI.com of the forums, and general web searches reveal hundreds of articles on how to turn off that message 😉
I expect there is some kind of Microsoft program you subscribe to and get some kind of ID certificate or something? Is this something LabWidnows (we use 2017) supports?
01-25-2024 10:30 AM
Sounds like an antivirus to me...
01-26-2024 12:09 PM - edited 01-26-2024 12:28 PM
Agreed - sounds like "Windows SmartScreen" interfering. More details here:
https://www.minitool.com/backup-tips/windows-protected-your-pc.html
I'm not as familiar with that one, but we've found that other AV software uses whether the top-level setup.exe \ install.exe is digitally signed as a clue to whether something is malicious or not. As such, besides disabling SmartScreen, digitally signing the setup.exe \ install.exe would be my first suggestion.
I don't recall if the CVI installer builder has installer signing (it would be in the Advanced section if so), but you can also manually sign the install.exe after the deployment is built. Regardless if CVI can sign for you or if you use the Microsoft sign tool - you do have to buy a certificate, but it's quite doable (example here).
01-26-2024 12:12 PM
Correct. And the question is what is involved with making a signed app, so folks can run them without having to bypass security settings. (For many corporate environments, they simply cannot install and use our program due to this.) I would "assume" any program compiler could be made to generated signed code, so I expect it is possible with LabWindows -- but alot of LW looks really old so I don't know if the core predates all this.
01-26-2024 01:28 PM - edited 01-26-2024 01:31 PM
Confirmed - the CVI deployment utility does have the ability to sign the installer - it's in the advanced section. You do have to provide your own certificate, but how to get one is searchable.
If you're using an older version of CVI that doesn't have this signing capability, or you just want to sign a CVI-built EXE - then you can sign the EXE after it's built using the Microsoft signtool mentioned above.