Developed software recognition

[mrkleine]

I'm a independent software engineer, and I'm currently working on a .NET application for a small user group. I develop this in Visual Studio, and deploy this with ClickOnce of Microsoft. Most of my users use Avast, and when trying to install or update, for every file it gives a warning and suggests it should be blocked (according to the message solely on the basis that the files are unknown. Which they will always be, as the software only has an small intended user group).

This is very inconvenient. I hoped it would help if the application would be identified by a valid signature, but now that I've done that it still keeps telling me the files are unknown and they should be blocked.

Is there any way to avoid this? Is there a way to certify the software that the files will be accepted, can I upload them somewhere or (as a last resort) is there a way to identify a trusted location / webpage?

Your help is appreciated!

[CraigB]

You can report the files to avast as a false positive via the support tab in the avast interface, scroll to the bottom of the page and click the submit tab.

[IWRConsultancy]

Yeah, sounds like what happens to our utilities even though they are reasonably well-known and available on sourceforge as well as our own site. A test I performed indicates that those downloads which have been online for a while and downloaded many times aren't presently flagged as dangerous, but immediately will be so if updated. That really creates some perplexing issues; if a security vuln is discovered, do we recompile the package and have it flagged by Avast! as unknown and therefore potential badware? Or,  do we just keep quiet about the vuln and continue to offer the insecure version for download? I think the term is Hobson's Choice.