#640 Windows Security flagging 8.1.0 setup file as dangerous

Done
None
Medium
Other
2021-08-04
2021-08-04
No

Windows 10 Pro 21H1/19043.1110 is flagging your Windows 64 setup exe file, "peazip-8.1.0.WIN64", as dangerous and insisting I don't install it. The SHA1 hash for the download matches the SHA1 hash listed on your download page, 416E5C1AD177DB0EC81F133E4928C8BCB6E0ADFD. Windows even warned me not to save the file. So what's the deal?

Discussion

  • Giorgio Tani

    Giorgio Tani - 2021-08-04

    peazip-8.1.0.WIN64.exe is not flagged as malicious or suspicious by Windows Defender, nor by any one of the over 60 antivirus products featured in the VirusTotal meta-scan:
    https://www.virustotal.com/gui/file/225d9e7f0e95f5a5112c79651e8dc42f535e59127dda966e13b8b7ca942f9d74/detection
    Moreover, it is even featured in Microsoft's winget package installer, meaning MS considers the file safe enough to be included in their own new generation software installer.

    The reason Smart Screen blocks it on MS Edge is that Smart Screen is reputation based (https://en.wikipedia.org/wiki/Microsoft_SmartScreen) rather than relying on actual scans.
    That means a new executable is always considered suspicious until it gets enough popularity in terms of installed base and time - unless it is signed AND is inheriting a high enough reputation from the signing certificate (anyway, certificate reputation is periodically reset).

    In fact, if you download the previous version peazip-8.0.0.WIN64.exe (or any older package), it already has a high enough reputation to not trigger Smart Screen - neither for downloading nor for installing.

    What you can do to help build reputation for the peazip-8.1.0.WIN64.exe package faster: you can select to keep the package in Edge and tell Smart Screen to install it anyway (with the "More information" link), or even take the time to follow the "Report as safe" link from Edge and give feedback to Microsoft.

     

    Last edit: Giorgio Tani 2021-08-04
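
The checks discussed in this thread, written as a PowerShell script: compare the download against the published hashes, then show the two properties relevant to a SmartScreen prompt, the Authenticode signature and the download-origin marker (Zone.Identifier). This is an added example, not part of the original posts or the PeaZip project; the download path is an assumption, and the hash values are the ones quoted in the thread.

```powershell
# Added example. The default path is an assumption; pass -Path to override it.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\peazip-8.1.0.WIN64.exe"
)

# Values taken from this thread: the SHA1 quoted in the report and the
# SHA-256 that forms the VirusTotal link in the reply.
$expected = @{
    SHA1   = '416E5C1AD177DB0EC81F133E4928C8BCB6E0ADFD'
    SHA256 = '225d9e7f0e95f5a5112c79651e8dc42f535e59127dda966e13b8b7ca942f9d74'
}

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "File not found: $Path"
}

# 1. Integrity: the file must be byte-identical to what the project published.
$hashOk = $true
foreach ($alg in $expected.Keys) {
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
    $match  = $actual -eq $expected[$alg]   # -eq ignores case for strings
    if (-not $match) { $hashOk = $false }
    '{0,-6} {1}  match={2}' -f $alg, $actual, $match
}

# 2. Authenticode: an unsigned file reports NotSigned and cannot inherit
#    reputation from a signing certificate.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    "Signer: $($sig.SignerCertificate.Subject)"
}

# 3. Mark of the Web: browsers record the download zone in an alternate
#    data stream; ZoneId=3 means the file came from the Internet zone.
$motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($motw) {
    "Zone.Identifier: $($motw -join '; ')"
} else {
    'No Zone.Identifier stream (file is not marked as downloaded).'
}

if ($hashOk) {
    'Hashes match: this is the file the project published.'
} else {
    Write-Warning 'Hash mismatch: do not run this file; download it again from the official page.'
}
```
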
  • Kevin Tortoise

    Kevin Tortoise - 2021-08-04

    Thank you for clearing that up. I figured it was something like that but just wanted to make sure.

     
  • Giorgio Tani

    Giorgio Tani - 2021-08-04
    • status: New --> Done
     
