Getting around Chrome's Malicious File Warning
I created an application which comprises a number of *.exe files. I've packaged these up into an NSIS installer which I hosted on my website. When I try to download it Chrome reports it as potentially malicious. At first I thought it could be the URL/site I was hosting on not being recognized so I signed up for Amazon S3 storage and moved the file there. Same problem. I then thought that packing the executables might cause this, so I tried without.
Same issue.
After some more reading I decided to try signing the executables as well as the installer package EXE.
I created a dev cert as follows:
makecert
pvk2pfx
signtool"http://timestamp.verisign.com/scripts/timstamp.dll" *.exe
Still malicious... I check the exe's even after download and confirmed they have a digital signature tab, granted it's not a fully verified commercial certificate but I can't believe the only way around Chromes half-baked code analysis is to spend $200 a year to have a verisign etc. code signing cert issued?
Any ideas how I can change what I'm doing to avoid this nasty message?
Answer
I had exactly this problem with an exe file that is downloadable from my web site. Whenever I tried to download the file using Chrome it gave the warning.
The solution I found was to sign up to Google Webmaster Tools and add my site. It took several days for Google to crawl my site, and fill in any information, but I went back today and finally found loads of information there.
Now I can download my file, and there is no malicious warning any more.
It seems that once Google has checked out your site and determined that you are not a bad person, the problem goes away.