View Full Version : Need your help again...Argh! (screenshots attached)
NewsArchive
09-23-2015, 02:29 AM
All,
I need your help again. Google Chrome still does not trust our new SHA-2
certificate. Microsoft Internet Explorer and Microsoft Edge work fine.
This is a very frustrating situation and we have opened a ticket with
Chromium. The problem is that we can't release SetupBuilder 10 until we
have resolved this issue. Otherwise, we would run into a support nightmare.
It would be great if you could help me.
Please make sure that you have enabled the "Automatically report details of
possible security incidents to Google" option (requires a Chrome restart if
you switch it to on) in your Google Chrome.
1. Go into chrome://settings and turn on "Automatically report details of
possible security incidents to Google" (you'll have to click the "Show
advanced settings..." item to see it).
2. Please download and run the following small tool on as many machines as
possible (see attached screenshots):
http://www.lindersoft.com/downloads/sb10_chrome_test.exe
3. Click the very skinny button next to that big Discard button, then click
"Keep".
4. Click the downloaded file and run it.
I guarantee, the above SetupBuilder generated application WILL NOT harm your
system. It just ask for elevation and displays a "SetupBuilder 10" dialog.
Thank you for your help!
--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
954.252.3910 (within US) | +1.954.252.3910 (outside US)
--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner
NewsArchive
09-23-2015, 02:41 AM
I have used it and chrome did not complain.
It downloaded file without warnings and u runned it, windows asked me if I
wanted to run the file.
Kzendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.
NewsArchive
09-23-2015, 02:43 AM
I did it and I don't see any warning downloading with Chrome
Darko
NewsArchive
09-23-2015, 03:00 AM
> 3. Click the very skinny button next to that big Discard button, then
> click "Keep".
Same as kzendra, no "Discard" dialog here - chrome just let me run it...
Simon Kemp
NewsArchive
09-23-2015, 03:10 AM
kzendra,
> I have used it and chrome did not complain.
> It downloaded file without warnings and u runned it, windows asked me if I
> wanted to run the file.
AMAZING! Did they really fix it so fast??? I have opened a ticket with
Chromium, but have not received an answer yet. Download it again from here
and no warning. Wow!!!
Thanks so much for your help!
Friedrich
NewsArchive
09-23-2015, 03:11 AM
Darko,
> I did it and I don't see any warning downloading with Chrome
All I can say is Wow Wow Wow!! The SHA-2 signed file works fine now and
even my initial one:
http://www.lindersoft.com/projects/sb10_reputation.exe
All this did not work 15 minutes ago...
Friedrich
NewsArchive
09-23-2015, 03:11 AM
Thank you, Darko !!!
Friedrich
NewsArchive
09-23-2015, 03:14 AM
Simon,
>> 3. Click the very skinny button next to that big Discard button, then
>> click "Keep".
>
> Same as kzendra, no "Discard" dialog here - chrome just let me run it...
Unbelievable! Thanks so much for the confirmation and your help!
The question is, what "fixed" it? All the downloads to build a trust or the
ticket I opened an hour ago.
Thanks again!
Friedrich
NewsArchive
09-23-2015, 04:46 AM
Do you have any hair left? <g>
Simon Kemp
NewsArchive
09-23-2015, 04:46 AM
>
> Do you have any hair left? <g>
>
Call me Kojak <bg> That was a nightmare!!!!
Friedrich
NewsArchive
09-23-2015, 04:47 AM
> I need your help again. Google Chrome still does not trust our new SHA-2
> certificate. Microsoft Internet Explorer and Microsoft Edge work fine.
> This is a very frustrating situation and we have opened a ticket with
> Chromium. The problem is that we can't release SetupBuilder 10 until we
> have resolved this issue. Otherwise, we would run into a support nightmare.
>
> It would be great if you could help me.
done it on Chrom Version 45.0.2454.93
see attached image
--
best regards,
Guennadi
NewsArchive
09-23-2015, 04:48 AM
Guennadi,
> done it on Chrom Version 45.0.2454.93
> see attached image
Interesting. Thanks for the information!
I am also using:
Chrome version: 45.0.2454.93 Channel: n/a
OS Version: 10.0
Flash Version: Shockwave Flash 18.0 r0
Does not give any warning any longer for all files code-signed with the new
SHA-2 certificate here (tested from different IPs and machines). Did not
work two hours ago, then I opened a ticket. Very strange.
Friedrich
NewsArchive
09-23-2015, 04:48 AM
updated to Version 45.0.2454.99 m
the same message
--
best regards,
Guennadi
NewsArchive
09-23-2015, 04:49 AM
> updated to Version 45.0.2454.99 m
>
> the same message
Updated Chrome to 45.0.255499 m and still no warning.
Perhaps Google has to "mirrow" the certificate status. I have sbsolutely no
idea. But all this is very suspect.
Friedrich
NewsArchive
09-23-2015, 04:50 AM
Guennadi,
Do you have the "Automatically report details of possible security incidents
to Google" option enabled?
Friedrich
NewsArchive
09-23-2015, 04:50 AM
Ye-Ha
No [Discard] warning here. All looking good.
JohnG
NewsArchive
09-23-2015, 04:50 AM
Forgot to mention, your original sb10_reputation.exe also now does a clean
download.
John
NewsArchive
09-23-2015, 04:51 AM
Hi John,
> Forgot to mention, your original sb10_reputation.exe also now does
> a clean download.
Perfect !!! Thanks so much for your help !!!!!
But files signed with the OLD code-signing certificat give a warning now,
right?
http://www.lindersoft.com/projects/sb10_reputation_old.exe
-or-
http://www.lindersoft.com/sb8trial/sb8_Dev_Trial_NoHelp.exe
Friedrich
NewsArchive
09-23-2015, 05:55 AM
> Do you have any hair left? <g>
>
:-D
Kzendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.
NewsArchive
09-23-2015, 05:56 AM
Version 45.0.2454.99 m
You are out of date :-)
Kzendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.
NewsArchive
09-23-2015, 05:56 AM
>But files signed with the OLD code-signing certificat give a warning now,
>right?
Yes, they are now a problem :-( They both gave me the [Discard] warning.
John
NewsArchive
09-23-2015, 05:57 AM
John,
>>But files signed with the OLD code-signing certificat give a warning now,
>>right?
>
> Yes, they are now a problem :-( They both gave me the [Discard] warning.
Only Google knows... <G> Looking forward to the January 02, 2016 SHA-1
switch off day. Oh boy... We'll need a lot of Popcorn for this day.
Friedrich
NewsArchive
09-23-2015, 05:58 AM
both downloads with warnings
Darko
NewsArchive
09-23-2015, 05:58 AM
Darko,
>
> both downloads with warnings
>
Exactly what I see here. I think what Google did this morning is they
killed the trust of the old certificate and enhanced reputation of the new
one. I really would like to know how all this works behind-the-scenes.
Interesting and scary thing...
Friedrich
NewsArchive
09-23-2015, 07:48 AM
That is the reason I do updates from inside the program.
First install is complicated thing and is 99.99% done by trained person.
Update process does not use browser, just NetTalk, some hash checking and
so on :-)
Kzendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.
NewsArchive
09-23-2015, 07:48 AM
kzendra,
> That is the reason I do updates from inside the program.
> First install is complicated thing and is 99.99% done by trained
> person. Update process does not use browser, just NetTalk, some
> hash checking and so on :-)
This will only work as expected after January 02, 2016 if there are NO
protection systems involved (e.g. anti-spyware and anti-virus) <g>. These
systems are all connected to the Microsoft SmartScreen engine and the Google
"trust database". Be prepared that all the smart systems put files with an
invalid signature (e.g. SHA-1) into quarantine sooner or later <g>. And
then the hell breaks loose...
Friedrich
NewsArchive
09-23-2015, 07:48 AM
The "Year 2000" problem was a joke compared to the SHA-1 switch-off day.
Friedrich
NewsArchive
09-23-2015, 07:49 AM
Hmmm, that's the bridge we'l cross, sometimes in 2016 :-)
Kzendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.
NewsArchive
09-23-2015, 07:50 AM
ran for me without any warnings from Chrome
Tony Tetley
NewsArchive
09-23-2015, 07:50 AM
>
> ran for me without any warnings from Chrome
>
Thank you, Tony !!!
Friedrich
NewsArchive
09-23-2015, 07:52 AM
> Guennadi,
>
> Do you have the "Automatically report details of possible security incidents
> to Google" option enabled?
Yes, exactly, it is ON.
--
best regards,
Guennadi
NewsArchive
09-23-2015, 07:52 AM
>> Do you have the "Automatically report details of possible security
>> incidents to Google" option enabled?
>
> Yes, exactly, it is ON.
Hmmm, that is very weird. The new certificate seems to be trusted now (and
the old one is "disabled").
Friedrich
NewsArchive
09-23-2015, 08:21 AM
That's the version I have, as well.
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Grammar troll's, are the worse.
NewsArchive
09-23-2015, 08:22 AM
Worked here
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Grammar troll's, are the worse.
NewsArchive
09-23-2015, 08:23 AM
>
> Worked here
>
Thanks, Jeff !!!
Friedrich
NewsArchive
09-23-2015, 10:00 AM
Just tried this here - no warnings, no problems. Again - worked fine.
Andy Morgan
NewsArchive
09-23-2015, 10:02 AM
Ran with no warnings.
Jan Fleming
NewsArchive
09-23-2015, 10:06 AM
>
> Just tried this here - no warnings, no problems. Again - worked fine.
>
Perfect! Thanks, Andy.
Friedrich
NewsArchive
09-23-2015, 10:09 AM
>
> Ran with no warnings.
>
Cool !!! Thanks so much, Jane.
Friedrich
NewsArchive
09-23-2015, 12:37 PM
Hi Friedrich,
> 3. Click the very skinny button next to that big Discard button, then click
> "Keep".
The "Discard" was a no-show:) Downloaded and ran without any sh** from
Chrome:)
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
NewsArchive
09-23-2015, 12:37 PM
Hi Arnor,
> The "Discard" was a no-show:) Downloaded and ran without any sh** from
> Chrome:)
:) THANK YOU !!!!!
Friedrich
NewsArchive
09-24-2015, 02:39 AM
Wow, crazy. Look at this. Windows 7 SP1 machine running Chrome and a
Windows 10 running Chrome. Same Chrome version, same IP address, same
download file, same time, but different reputation results.
That is not funny, Google <g>. I give up...
Friedrich
NewsArchive
09-24-2015, 07:14 AM
Done!
No security warning
Best regards
Edvard
NewsArchive
09-24-2015, 12:08 PM
> Done!
>
> No security warning
Thank you, Edvard !!!
Friedrich
NewsArchive
09-25-2015, 02:08 AM
>AMAZING! Did they really fix it so fast??? I have opened a ticket with
>Chromium, but have not received an answer yet. Download it again from here
>and no warning. Wow!!!
Nich so schnell mit die jungen Ferde!
See screenshot screenshot_Chrome_SB10.JPG
It shows my third attempt, hence the (2).
Regards,
Wolfgang Orth
www.odata.de
NewsArchive
09-25-2015, 02:09 AM
Friedrich,
my settings: screenshot_Chrome_settings.JPG
Regards,
Wolfgang Orth
www.odata.de
NewsArchive
09-25-2015, 02:09 AM
Hi Wolfgang,
> Nich so schnell mit die jungen Ferde!
>
> See screenshot screenshot_Chrome_SB10.JPG
>
> It shows my third attempt, hence the (2).
Luckily it seems to work fine for 99% of the users now. I think what you
see is a "machine specific" Chrome thing.
Look at this: same Google Chrome version, same ISP and IP, same download
location, same time, but different operating systems.
http://www.lindersoft.com/forums/showthread.php?46881&p=85046#post85046
Friedrich
NewsArchive
09-25-2015, 02:10 AM
downloaded and ran without any security warnings.
Hyrum Tatton
NewsArchive
09-25-2015, 02:10 AM
>
> downloaded and ran without any security warnings.
>
Thank you, Hyrum !!!
Friedrich
NewsArchive
09-25-2015, 02:13 AM
Hi Wolfgang,
Interesting test results /see attached screenshots). Tested from a Windows
7 SP1 (not updated to the latest patch level) virtual machine and a Windows
10 virtual machine. Same Chrome version, same ISP and IP, etc.
Windows 7 SP1 can not even see the SHA-2 signature and gives a warning. No
problem on Windows 10.
Friedrich
NewsArchive
09-25-2015, 02:21 AM
>Windows 7 SP1 can not even see the SHA-2 signature and gives a warning. No
>problem on Windows 10.
As you may have noticed, I ran it on Vista SP2.
Someone has to do it....!
<g>
Regards,
Wolfgang Orth
www.odata.de
NewsArchive
09-25-2015, 03:35 AM
Hi Wolfgang,
> As you may have noticed, I ran it on Vista SP2.
>
> Someone has to do it....!
Oh...well... that explains it <g>. When you check the code-signature of the
downloaded file, do you see both SHA-1 and SHA-2 signatures? I am trying to
understand how this Google Chrome reputation thing works in practice. As
far as I can see, Google Chrome's reputation engine needs a specific Windows
patch level to work correctly.
Tested it on Windows 8.0, 8.1 and Windows 10 and all is perfect. On some
Windows 7 machines it gives a warning. Remember, always the same Chrome
version and the same Internet Service Provider & IP. Just tested it on
Vista Business and it works fine after Windows updated its revoking list
(see attached screenshots). But Vista can only see the SHA-1 signature.
Friedrich
NewsArchive
09-25-2015, 04:54 AM
me too
cheers
Dave Beggs
NewsArchive
09-25-2015, 04:54 AM
> me too
Thank you, Dave !!!
Friedrich
NewsArchive
09-25-2015, 12:37 PM
Friedrich,
> Oh...well... that explains it <g>.
The phrase you may be looking for...<g>
"Thanks for the support nightmare, Mr. Bill!"
Lee White
NewsArchive
09-25-2015, 12:38 PM
>> Oh...well... that explains it <g>.
>
> The phrase you may be looking for...<g>
>
> "Thanks for the support nightmare, Mr. Bill!"
<VBG> ;-)
Friedrich
NewsArchive
09-25-2015, 12:43 PM
Hi Friedrich,
> 2. Please download and run the following small tool on as many machines as
> possible (see attached screenshots):
> http://www.lindersoft.com/downloads/sb10_chrome_test.exe
FWIW I ran this again on my laptop and got no warning - but I've lost
track of what and where I got warnings<g> Hopefully this IS getting
resolved:)
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
NewsArchive
09-26-2015, 02:30 AM
Worked ok with no warnings on my dev pc. Will try it on laptop and a couple
of others this weekend.
Skip
NewsArchive
09-26-2015, 03:12 AM
> Worked ok with no warnings on my dev pc. Will try it on laptop and a
> couple of others this weekend.
Thank you, Skip !!!
Friedrich
NewsArchive
09-29-2015, 02:00 PM
>> As you may have noticed, I ran it on Vista SP2.
>>
>> Someone has to do it....!
>
>Oh...well... that explains it <g>.
Now you see, what burden I am willing to carry for you!
> When you check the code-signature of the
> downloaded file, do you see both SHA-1 and SHA-2 signatures?
See attached screenshot - hth
Regards,
Wolfgang Orth
www.odata.de
NewsArchive
09-29-2015, 02:01 PM
Hi Wolfgang,
> Now you see, what burden I am willing to carry for you!
<G>
> See attached screenshot - hth
Yes, that is the expected result on your Vista patch level :-) The file is
dual SHA-1/SHA-2 code-signed and on your machine the SHA-1 signature is
valid.
Friedrich
NewsArchive
09-30-2015, 01:53 AM
>Yes, that is the expected result on your Vista patch level :-) The file is
>dual SHA-1/SHA-2 code-signed and on your machine the SHA-1 signature is
>valid.
And Chrome on my Vista still suggests to "discard".
Regards,
Wolfgang Orth
www.odata.de
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.