Infralution Support

[Javier]

I'm facing a problem: Norton's SONAR keeps interpreting that my bootstrapped application Steel.exe is harmful and it gets deleted. Some clients have reported the same issue when an update is installed. I have sent the file to Symantec and I'm waiting for their response, but I think that probably it has to do with the fact that the file is not digitally signed, so the developers are unknown.

I do have a code signing certificate that I use to sign the installer file, and it works fine. However the bootstrap (and all the assemblies in it) has a strong name as suggested in your Help. How can I sign my application with my code signing certificate, so that the developer company shows up in its properties?

Do you think that this could be the problem? Thank you.

[Infralution]

Code signing can certainly help avoid false virus detections. You just sign the final (bootstrap) executable just like you would any other executable.
_________________
Infralution Support

[Javier]

So, the strong name under the Signing tab of the bootstrap assembly doesn't have anything to do with signing the final executable? I'm confused. Thank you.

[Infralution]

This is a common source of confusion. Strong naming of assemblies has nothing to do with code signing. Strong name of assemblies just ensures that an assembly has not been tampered with since it was signed with a given strong name. It doesn't say anything about the credibility or identity of the person who strong named the assembly - anyone can generate a strong name and use it.

Code signing on the other hand requires that you get a certificate from a certificate authority and sets up a chain of trust. It tells customers that an executable was signed by you - and gives them a reason to trust that the executable is not malicious.
_________________
Infralution Support

[Javier]

I understand now. Probably the confusion would disappear if the tab in VS said "Naming" instead of "Signing". Thank you.