Unity 5: "The digital signature is not valid" when using a custom icon in Windows

Hey all,
I noticed that Unity 5 has started signing output .exe files with its own certificate named "Unity Technologies SF". I've also seen that when I use a custom icon (with Unity Pro) and uncheck "Override for Standalone" that certificate becomes invalid.

Why is that? is it fixable?

 

For what its worth TomGolan is not crazy, as I have experienced the exact same issue he has described. Also thank you Tom for mentioning the icons, you saved me from having to troubleshoot this issue myself.

Also does anyone have any info on some cheap code signing certificates that do their job and keep Microsoft SmartScreen filter from popping up?

Have a great day!

 

Thanks for the hint with the icon, I've assumed the same thing when I saw that the digital signature of our standalone players were invalid. You can get pretty cheap code signing certificates, just do a quick search (in the range of ~200EUR/USD for a year). I'm just not sure why UT is signing the player in the first place when its becoming invalid due to the icon modification and if we are allowed to replace the signature with our own.

 

So, I added signing in the desire to try and get further crash information via Windows Error Reporting. I was figuring certificate chaining and such would account for things, but with resource modifications I guess not.

I'll look to remove it from the future, but for the time being you can find some tools out there to remove the certificate from the exe. (or directly make your own tools using the windows apis to remove certs) For example this: http://www.fluxbytes.com/csharp/remove-digital-signature-from-a-file-using-c/

 

By sheer luck, I also discovered that this problem was caused by the custom icon, so I solved it by just removing my icon from the standalone build. However this workaround has no effect on Unity 5.3.6f. If you build your exe file with that version, your users will see the nasty "SmartScreen" message when they try to run your game after downloading it, no matter if you have a custom icon or not. So for now I'm downgrading to the reliable Unity 5.3.5f.

By the way I tried the FileUsigner proposed by Alex-Lian, but at least with Unity 5.3.6f, it complaints the exe file is not signed... so downgrade here seem like the most sensible choice.

 

If it can help other people, I still faced this issue today (March 21st 2017), in Unity pro 5.5.0f3 : When a standalone is built with a custom icon, then posted as a zip and downloaded by end-users, then SmartScreen (and some other antiviruses) pops an warning.
This is quite a serious issue for us because end-users often don't have admin rights on their computers, which doesn't allow them to click on "continue anyway" when this warning pops.

Removing the custom icon solved the issue for us, thanks a lot for mentionning it, TomGolan.

 

Still the same for 2017.x, you can replace icon, but need to get it digitally signed - costing around $200.