About

{Update] This will help with this problem, but on further research the only way to have your application fully signed and trusted by Windows is to use a third party certification authority.  This is expensive and out of reach for a lot of us making games as a hobby.  The process outlined here will help your games eventually become trusted, and appears to be a good practice to do, but it seems like a lottery as Microsoft may eventually trust your game if you get enough downloads and people running it.  I think that if we are really going to be able to move forwards in our own developer stories, that there needs to be an accessible solution for this problem that would allow us to get our games "signed" so that they can be trusted by Windows and therefore trusted as safe to play by any of our players.

When building my game for the GameDev.tv Game Jam 2024, and trying out others, I noticed my antivirus software kept considering my game and others as potential malware.  And in some cases it wouldn't even let me run a game.

While a simple fix for this is to turn off antivirus scanning, this isn't really a safe option these days.

On researching this problem I found that it was because when Godot was compiling my game, the software wasn't being "signed" in a way that Windows, or the antivirus software, could recognise that the software was safe to run.

The fix for this is, on a Windows system used to build your games, is to install the Windows Software Development Kit (SDK) for your version of Windows and point your game engine (Godot in my case) to a tool called "signtool.exe" installed with the SDK.

Once set up, provided your project details are set up in the Export window to include who is publishing the software, the game engine will then "sign" the software when it is compiled, making it less likely that your game will be flagged by antivirus software.

I'm presently unsure if this process needs to be set up in other game engines, but if it can, it should mean more people can play your game without worrying about whether or not your game contains a virus.

Instructions for Godot (v4.x)

The following steps are for setting up the Godot game engine with the "signtool" for your version of Windows.

1. Search for and download the Windows SDK for your version of Windows.  A simple google search for "Windows <your version - 10 or 11 etc> SDK".  Make sure you are using a genuine Microsoft download, and the SDK is free to download and install.
2. Once you have downloaded and installed the SDK, find the "signtool.exe" in your filesystem, on mine it appears under "<main drive>:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe"
3. Once you have copied the file location for the "signtool", open up your Godot project and open the "Editor Settings".  Then in the left hand panel, navigate to "Export > Windows" and paste the file path with "signtool.exe" on the end of the path so it looks something like the full path in step 2.
4. After closing the editor settings, the engine is now configured to sign your game on export, but you will still need to configure your publishing details in the Export window.  For my own games, I have included the Version (from the project settings), the Company Name (CrazyHoundGameDesign), the Product Name (name of game) and the Copyright (CrazyHoundGameDesign) fields.  So long as these fields have some information in them, the signtool will then sign the game with this information on export.

If anyone knows if this needs to be done for Unity and Unreal games, please comment below to let me know.  If you can provide some instructions on setting this up in the engines as well, I can add them to this post.

I also know the instructions are a bit different for building games on a Linux OS, so if you set up some instructions, you can link it in the comments or I can add it to the post.