Hello,
we are developing a software which we sell (or rather rent) to our customers. We regularly create new setup files with updated versions. We use InnoSetup to create the setup. Since we did not use code signing we kind of understood Avast could not determine "I have already verified that file" since there was no way to relate from version A to version B. But now we have even enabled code signing (even if the certificate used is selfsigned, the used private key behind the signing is still "save"). Then I started wondering: Why would Avast scan repeatly on the same machine a signed setup from us, but will ignore an unsigned open source setup like miranda-im-v0.10.37-unicode.exe (just the first example I found avoiding strong name signed files like from Microsoft itself). So there must be a trick for Avast to recognize "this file is fine, no need to deepscreen it". I tried to search the FAQ and forums, but to no avail.
So what can we as a developer do to make/appear our setup more trustworthy?