I write software that is used by a company whose computers are protected with Avast Endpoint Protection. The software consists mainly of Microsoft .NET desktop programs deployed to a server on their LAN using Microsoft's "ClickOnce" mechanism through VisualStudio.
This is not publicly distributed software where a public "reputation for safety" would be possible. The software is for their internal use only.
With each new version we put up on the server for desktop installation , Avast does a thorough evaluation of the installation package, and sometimes the EXE ends up quarantined. New features are added each day or even several times a day, depending on how urgently a feature is needed. So we are looking for ways to streamline the Avast threat analysis, or even to bypass it.
So I was wondering if we were to purchase a "code-signing certificate" from a bona-fide certificate authority, and sign the software package using that certificate, whether that could cause Avast to ease up on its threat analysis. Would it be worth our while to spend the money on such a certificate, in terms of getting Avast to recognize these programs as posing no threat?
