You shipped your software, a user downloaded it and tried to run it. Windows stepped in: "Do you want to allow this app to make changes to your device? Publisher: Unknown." To the user, that reads as "this file might not be trustworthy" โ€” and most of them back out.

Why Does the Warning Appear?

Before running a program, Windows asks a simple question: who published this, and can that be verified? It looks for the answer in the file's digital signature.

If your software isn't signed, the operating system has no verifiable identity to work with. Since it can't invent one, it's honest about it and says "publisher: unknown." The warning does not mean your software is malicious; it only means it's unverified. But your user doesn't draw that distinction.

โš ๏ธ
This isn't a cosmetic problem โ€” it's a conversion problemThe warning screen is the biggest drop-off point between download and install. Users abandon your software without trying it, and you never learn why.

The Permanent Fix: Sign Your Code

The only real way to remove the warning is to sign your software with a code signing certificate. The signature does three things:

How the process works, roughly

  1. You get a code signing certificate (OV or EV).
  2. Identity validation completes; the private key goes onto a hardware token or into an HSM.
  3. You sign your software (on Windows, typically with signtool).
  4. When a user downloads it, you're no longer "unknown" โ€” you're you.
๐Ÿ”‘
Hardware tokens are now the normCode signing keys are held on a hardware token or in an HSM. That applies to OV as well as EV โ€” it prevents your private key from being copied.

I Signed It and Still Get a Warning

This is a different thing from the unsigned-file warning, and the two get confused constantly. The mechanism here is Microsoft SmartScreen: even with a valid signature, SmartScreen can show an extra warning if it doesn't recognize you yet.

If you signed with an OV certificate, that reputation builds over time, as your software is downloaded enough and runs cleanly. If you signed with an EV certificate, SmartScreen reputation is there from the start โ€” no warning even on the first download.

For a detailed look at the difference, see EV vs OV code signing.

What Not to Do

The warning doesn't say your software is bad โ€” it says nobody knows who you are.

G
GetYourSSL Team
We translate the SSL/TLS world into plain English (and Turkish). Independent affiliate partners of SSL.com, focused on helping you pick the right certificate โ€” not the most expensive one.