Microsoft Security | Microsoft Defender | Other
Additional Microsoft Defender tools and services that provide security across various platforms and environments
SmartScreen file submissions remain "In progress" for 13+ days after EV certificate renewal — what is the expected review SLA?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 32%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
ezLab Mobsoft
0
Reputation points
Question Summary
After renewing our EV Code Signing certificate (GlobalSign GCC R45 EV CodeSigning CA 2020, issued April 2026), all binaries signed with the new certificate trigger SmartScreen warnings on first download, even though they validate correctly and show 0/69 detections on VirusTotal.
We understand the August 2024 Trusted Root Program update removed the automatic SmartScreen reputation grant for EV certificates, and that reputation must now build organically. We are following the documented remediation path, but the process appears to have stalled.
(Current date: April 28, 2026.)
What We Have Done
File submissions
We submitted signed installer variants to https://www.microsoft.com/wdsi/filesubmission in two batches (April 15 and April 24, 2026). As of April 28, all submissions still show "In progress" in the submission history portal — 13+ days after the first batch.
Microsoft Defender Response correspondence
- April 25 — Microsoft Defender Response replied to one of our earlier submissions, confirming the file is clean, the signature is valid, and the certificate "is currently in the process of establishing reputation."
- April 27 — We sent a follow-up email asking for guidance.
- April 28 — No response yet.
Independent verification
- VirusTotal: 0 / 69 detections on the submitted installer (see attached image)
- All files properly timestamped
- Certificate chain validates correctly
Specific Technical Questions
- What is the expected review timeline (SLA) for files submitted via the Defender file submission portal?
The portal does not publish an SLA, and "13+ days, still In progress" with no further communication is difficult to plan around. - Does SmartScreen reputation propagate across multiple binaries signed by the same certificate (same thumbprint), or is reputation purely per-file-hash?
Documentation suggests certificate-level reputation exists, but in practice we only observe per-file behavior. - Is there any documented or recommended way for a publisher to verify whether their signing certificate has accumulated meaningful reputation, short of empirically downloading from many machines?
Certificate Details
| Field | Value |
|---|---|
| Issuer | GlobalSign GCC R45 EV CodeSigning CA 2020 |
| Valid | 2026-04-09 to 2027-04-10 |
| Previous certificate (no SmartScreen issues observed during its lifetime) | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 (2025-03 to 2026-03) |
Reference Submission
The submission Defender Response replied to (April 25): b24a447c-1726-4aec-954d-288850c312c0
Additional submission IDs from both batches are available on request.
Any technical guidance on the review process, reputation propagation behavior, or recommended verification methods would be appreciated. Thank you.
Microsoft Security | Microsoft Defender | Other
Sign in to answer