zeroone wrote:It's Symantec Endpoint Protection. [...] In fact, Chrome [...] said that this particular .exe file was rarely downloaded (it's a newly posted file).
Thank you for providing enough information to allow research.
My research shows that "Safe Browsing"-type things are less likely to trigger if the publisher of an application follows the following steps. Two should be free of charge; two require a periodic payment to a certificate authority.
- Offer the download through HTTPS. HTTPS is HTTP tunneled through TLS (Transport Layer Security), formerly called SSL (Secure Sockets Layer). TLS requires a valid TLS certificate, which is an X.509 certificate certifying that a certificate authority (CA) has verified that the owner of the private key corresponding to a particular public key controls a particular domain. Domain-validated TLS certificates are available without charge from StartSSL, WoSign, and Let's Encrypt; organizationally validated ones cost more. If you have a VPS, you can install it at no extra charge; if you have shared hosting, you'll have to have your hosting provider install the certificate (for StartSSL or WoSign) or an ACME client (for Let's Encrypt) on your behalf. I had to go through StartSSL because my web host has not yet installed an ACME client, despite two duplicate questions on its Stack Exchange knockoff to do so (1 | 2).
- Build a history of downloads by users of the same browser of executables hosted on the same domain. This is the most important step for Google Chrome's Safe Browsing feature.
- Digitally sign and timestamp each executable file with a valid Authenticode software publisher certificate. A software publisher certificate allows earned reputation to leak into other executables from the same publisher, such as new versions of a program. But unlike TLS certificates, Authenticode certificates aren't available without charge because there's no counterpart to a domain-validated certificate.
- Build a history of downloads by users of the same browser of executables signed with the same Authenticode certificate. This is the most important step for the SmartScreen feature of Internet Explorer. And in Windows 8 and Windows 10, even zipped executables are subject to SmartScreen. If the certificate that you bought in step C is an Extended Validation, Internet Explorer will let you skip this step.
- Submit the executable to Symantec for whitelisting prior to release.
Sources:
Google Chrome Help Forum; Google
internet explorer smartscreen;
Adding software to the Symantec Whitelist
But then Symantec has a conflict of interest here, as it is also an Authenticode certificate authority.
However, I do not have admin rights to this test box.
Have you requested that your administrator add executables or web sites to the whitelist? If so, what reason was given for denial?
I was able to download and extract a .zip containing the .exe without an issue.
I guess that's a valid workaround for you, but looking forward, I can see that it might not be a valid workaround for users of SmartScreen on Windows 8 and Windows 10.
And, I prefer not to auto-update if I have something that works. Think about how annoying auto-update is in Windows.
But how do you know it works? What if the emulator has a bug that allows a ROM to escape from the emulator and run native code as the user, as ZSNES's SA-1 support is known to have? Does something "work" if it is unsafe in this manner?