Add File Hashes #20

Closed
AnphirAddoN opened this issue Jun 25, 2021 · 9 comments

Comments

@AnphirAddoN

image

@rcmaehl
Owner

rcmaehl commented Jun 25, 2021

It shouldn't. Per its VirusTotal results, it's not detected as a False Positive by Microsoft.
image

The full results are here:
https://www.virustotal.com/gui/file/03ad9794200346d393ff1e14ece895ac8184a1fa179cc13561b3fdfe7a2df6d1/detection

I don't know the exact translation but I know that Chrome blocks uncommon downloads, this may be a similar feature.

@Sarpar12

This is due to Microsoft SmartScreen. Not sure how you can bypass that other than disabling SmartScreen.

@sanny-io

Consider printing the artifact's hash as part of the workflow @rcmaehl. While this won't help with Edge's warning, it will allow users to know that the binary they are downloading is built from this repo.

@micwoj92
Collaborator

I am pretty sure that @rcmaehl builds release builds locally. And to my knowledge AutoIt doesn't produce reproducible binaries (but I didn't read much into it, so maybe it is possible).

@sanny-io sanny-io mentioned this issue Jun 26, 2021
6 tasks
@sanny-io

sanny-io commented Jun 26, 2021

Releases should have binaries from the CI. Safety is a concern with projects like this. As long as the build comes from the CI, there is no need for reproducible binaries. The process would go like this.

  1. CI compiles binary.
  2. CI prints hash of the binary.
  3. New release is published with the CI's binary, either automatically or manually.
  4. The integrity of the release's binary is verified by comparing its hash to the hash from the CI.
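
The four-step process in the comment above, sketched in PowerShell as an added example that is not part of the original thread or the project's own workflow. The function names `New-HashManifest` and `Test-ReleaseHash`, the `SHA256SUMS.txt` manifest name and the sample file are assumptions constructed for illustration.

```powershell
# Added example, not the project's workflow. Function names, the manifest
# name and the sample file are assumptions constructed for illustration.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# CI side (step 2): record the SHA-256 of each build artifact and echo it to the log.
function New-HashManifest {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $lines = foreach ($p in $Path) {
        $h = Get-FileHash -LiteralPath $p -Algorithm SHA256
        # "<hex hash>  <file name>", the same layout sha256sum writes
        '{0}  {1}' -f $h.Hash.ToLowerInvariant(), (Split-Path -Leaf $h.Path)
    }
    Set-Content -LiteralPath $ManifestPath -Value $lines -Encoding ascii
    $lines
}

# User side (step 4): compare a downloaded file with its manifest entry.
function Test-ReleaseHash {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $name = Split-Path -Leaf $FilePath
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        if ($line -match '^([0-9a-fA-F]{64})\s+\*?(.+)$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
        }
    }
    if (-not $expected) { throw "No manifest entry for '$name'" }
    $actual = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
    # -eq on strings ignores case, so upper- and lower-case hex compare equal
    $actual -eq $expected
}

# Constructed demo: hash a stand-in binary, verify it, then alter one byte and verify again.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$exe = Join-Path $dir 'Example.exe'
[IO.File]::WriteAllBytes($exe, [byte[]](0x4D, 0x5A, 0x90, 0x00))
$manifest = Join-Path $dir 'SHA256SUMS.txt'
New-HashManifest -Path $exe -ManifestPath $manifest
Test-ReleaseHash -FilePath $exe -ManifestPath $manifest
[IO.File]::WriteAllBytes($exe, [byte[]](0x4D, 0x5A, 0x90, 0x01))
Test-ReleaseHash -FilePath $exe -ManifestPath $manifest
```

The comparison is only as trustworthy as the source of the manifest: take the expected hash from the CI run's log or artifact rather than from the same location as the download.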

@hez2010

hez2010 commented Jun 26, 2021

Microsoft SmartScreen has a block-first-seen feature, which blocks executables that are first seen on the Internet. Ignoring the prompt is okay for this project.
As for the developer, a workaround is to zip the release executable file.

@Masamune3210

Zipping the file doesn't help much; this stuff happens literally all the time over in emulation projects where the builds can come out really fast, which doesn't give the heuristic network enough time and training to realize that they aren't malicious.

@v-kajaye

Google Chrome and Edge use the Chromium code base. File types that are mostly blocked are listed here: https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/core/resources/download_file_types.asciipb

Defender SmartScreen blocks them based on Authenticode certificates and file hash allowed. You can create the below registry key to allow the file type downloadable without warning.

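**Execute the below code in PS ISE**

```powershell
# Edge policy key that holds the domain/file-type exemption list
$regpath = "HKLM:\Software\Policies\Microsoft\Edge\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings"

# Create the policy key if it does not exist yet
if (!(Test-Path $regpath)) {
    New-Item -Path $regpath -Force
}

# Entry "1": exempts .exe downloads from every domain ("*") from the file-type download warning
New-ItemProperty -Path $regpath -Name "1" -Value '{"domains": ["*"], "file_extension": "exe"}' -PropertyType String -Force
```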

@rcmaehl rcmaehl self-assigned this Jun 26, 2021
@rcmaehl rcmaehl added enhancement New feature or request help wanted Extra attention is needed labels Jun 26, 2021
@rcmaehl rcmaehl changed the title Microsoft Edge recognizes it as malicious software Add File Hashes Jun 26, 2021
rcmaehl referenced this issue Jun 26, 2021
Thanks @micwoj92 for | Format-List suggestion
@micwoj92
Collaborator

Can be closed now.

@rcmaehl rcmaehl closed this as completed Jun 26, 2021