Sign Windows VMs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Sign Windows VMs

Vincent.Blondeau
 

Hi!

 

I am using Pharo in a company network under a firewall, an antivirus, and windows, and each day I have an issue with some parts of the Pharo application that are recognized as a threat.  So, I cannot download it or execute it straightforwardly.

 

Today was this one:

 

https://cdn.discordapp.com/attachments/365850577340727296/445688856948506624/unknown.png

Another day was the Cairo Dll where a “Veil Evasion Payload” has been detected.

 

And some people has encounter the same kind of issues:

 

It seems that the solution is to sign the VM with Authenticode, but for this, one needs to acquire a certificate (which is, of course, not free).

Has the community such a certificate? Maybe the same that for MacOS?

Would someone configure the VM builds to automatically sign them? (I can spend some time for this if needed)

 

TIA,

 

Cheers,

Vincent

 

Reply | Threaded
Open this post in threaded view
|

Re: Sign Windows VMs

fniephaus
 
Hi Vincent,

On Tue, May 15, 2018 at 1:15 AM <[hidden email]> wrote:
 

Hi!

 

I am using Pharo in a company network under a firewall, an antivirus, and windows, and each day I have an issue with some parts of the Pharo application that are recognized as a threat.  So, I cannot download it or execute it straightforwardly.

 

Today was this one:

 

image003.png

Another day was the Cairo Dll where a “Veil Evasion Payload” has been detected.


I agree, this is bad.
 

 

And some people has encounter the same kind of issues:

 

It seems that the solution is to sign the VM with Authenticode, but for this, one needs to acquire a certificate (which is, of course, not free).

Has the community such a certificate? Maybe the same that for MacOS?


No, we don't have such a certificate yet and we can't use the certificate from Apple because it can only be used for macOS VMs unfortunately.
 

Would someone configure the VM builds to automatically sign them? (I can spend some time for this if needed)


Of course, but first we need a certificate I'm afraid.

Cheers,
Fabio
 

 

TIA,

 

Cheers,

Vincent