Let\'s suppose I\'ve just created an app in visual studio and now I want to distribute it. I\'ve set the app to release mode and I have a copy of the app that works just fine. M
Microsoft has some requirements for getting your app certified. You can read about them in the links I posted below. As for Avast, I'm not too sure what it could be, try using another anti virus program to see if it's taking a while to virus scan. It could also be a performance issue but that's unlikely. (https://docs.microsoft.com/en-us/windows/desktop/win_cert/windows-certification-portal) (https://docs.microsoft.com/en-us/windows/desktop/win_cert/certification-requirements-for-windows-desktop-apps)
Hope that helps
Deployment Tool: Here is a piece on common MSI tools, and links to other, non-MSI deployment tools. The links to Stefan Kruger's site installsite.org shows the full list of available tools for MSI and non-MSI. The most common tools are: WiX (open source, learning curve - hints here), Advanced Installer (great tool, lots of smarts), Installshield (market leader), and others. Have a look.
SmartScreen: Windows now features "SmartScreen" - which is a trust based system where your binaries have to "earn reputation" through use. Essentially you need to buy a Extended Validation Certificate
to "buy trust" outright (Interesting concept... Who smells a racket?):
VirusTotal.com: I like to upload my binaries to VirusTotal.com. They check the binaries with a plethora of malware scanners and you can see if any scanners flag your binaries as suspicious. An important step to check both for genuine malware in your release files (happens), and also - and just as importantly - for false positives - that would otherwise cause your users problems and you a lot of support calls.
Reputation: Note that I am not sure whether uploading helps with the binaries reputation for SmartScreen. I don't think it does - at least not in a quick way. You need an EV code-signing certificate to "buy trust" for large scale distributions. I should add that the vetting and approval for such certificates involve verifying the company's existence (like normal certificates), but also dongles or hardware keys - I think - and hence is quite a bit of fuss to get, and hence does "prove" that the distributor must at least be well-organized.
Links: