Hello team, I have a customer reporting that "the first time I tried to run a Visual COBOL executable on our new server, Windows threw an error like the one below."

and asking:

Is there some trick to getting this to not occur?

Initial research I've just done on smartscreen shows:

 Microsoft Defender SmartScreen flags a program as "unrecognized" when it lacks a sufficient reputation or is not widely known to Microsoft's security database. This can happen due to:

• Low Distribution: The program is new, has limited downloads, or is not commonly used, so SmartScreen hasn't built a trust profile for it.
• Missing Digital Signature: The program lacks a valid digital signature from a trusted certificate authority, which verifies the publisher's identity.
• Suspicious Behavior: The program exhibits characteristics similar to malware, such as unusual file modifications, network activity, or code obfuscation.
• New or Modified Files: A recently compiled or updated program may not yet be recognized by SmartScreen's cloud-based reputation system.
• Source of Download: If the program is downloaded from an untrusted or low-reputation website, SmartScreen may flag it.
• False Positives: Legitimate programs, especially from small developers or open-source projects, may be flagged due to limited recognition or incomplete metadata.

SmartScreen uses machine learning and cloud-based analysis to assess files, so reputation is built over time as more users run the program safely. Developers can improve recognition by signing their code with a trusted certificate, submitting it to Microsoft for analysis, or increasing its distribution to establish a positive reputation.

Is there a recommendation to avoid this? 

Hi Jim,

After a quick search, I haven't found any reports of customers encountering this issue with Visual COBOL. Just for future reference, it might be useful to know the version (and Patch Update level) of Visual COBOL, and the Windows O/S version in use. And whether the same exact COBOL executable ran without this issue on their prior Windows Server, and what version of Windows that was running.

Further searching found an about options to enable or disable SmartScreen, but of course your customer will need to decide if this is acceptable in their environment: How to Enable or Disable the SmartScreen Filter in Windows.

Hi Again Jim,

I wanted to mention that in addition to being able to enable or disable SmartScreen, the linked article also described some options for filtering to control what was blocked, or warned about, etc. Once again, the link was How to Enable or Disable the SmartScreen Filter in Windows.

Hello team, I have a customer reporting that "the first time I tried to run a Visual COBOL executable on our new server, Windows threw an error like the one below."

and asking:

Is there some trick to getting this to not occur?

Initial research I've just done on smartscreen shows:

 Microsoft Defender SmartScreen flags a program as "unrecognized" when it lacks a sufficient reputation or is not widely known to Microsoft's security database. This can happen due to:

• Low Distribution: The program is new, has limited downloads, or is not commonly used, so SmartScreen hasn't built a trust profile for it.
• Missing Digital Signature: The program lacks a valid digital signature from a trusted certificate authority, which verifies the publisher's identity.
• Suspicious Behavior: The program exhibits characteristics similar to malware, such as unusual file modifications, network activity, or code obfuscation.
• New or Modified Files: A recently compiled or updated program may not yet be recognized by SmartScreen's cloud-based reputation system.
• Source of Download: If the program is downloaded from an untrusted or low-reputation website, SmartScreen may flag it.
• False Positives: Legitimate programs, especially from small developers or open-source projects, may be flagged due to limited recognition or incomplete metadata.

SmartScreen uses machine learning and cloud-based analysis to assess files, so reputation is built over time as more users run the program safely. Developers can improve recognition by signing their code with a trusted certificate, submitting it to Microsoft for analysis, or increasing its distribution to establish a positive reputation.

Is there a recommendation to avoid this?