SmartScreen, signing, and verifying the installer
The PinDrift installer is signed by Microsoft Trusted Signing, so Windows SmartScreen should accept it without prompts. If you ever see a warning anyway - or your antivirus flags it - the most likely cause is a tampered copy from a third-party mirror. This page tells you how to confirm you have the real installer.
Download PinDrift-Setup.exe only from pindrift.app. Right-click → Properties → Digital Signatures should show PinDrift as the signer under Microsoft Trusted Signing. If it doesn’t - or SmartScreen warns you - the file was tampered with. Re-download from pindrift.app and verify the SHA-256 hash against the table below.
How signing protects you
Code-signing puts a cryptographic stamp on the installer that proves two things: (1) the file came from us, and (2) it hasn’t been modified since we built it. Microsoft Trusted Signing is Microsoft’s managed code-signing program; certificates issued through it are trusted by Windows SmartScreen automatically, which is why a signed PinDrift installer doesn’t trigger the “Windows protected your PC” dialog.
Pirated and tampered copies of PinDrift exist on shady download sites. Those copies lose the signature the moment anyone modifies them, so SmartScreen will warn you. If you ever see that warning, do not click through - re-download from pindrift.app instead.
Verify the signer manually
If you want to confirm the signature on a downloaded installer:
- Right-click PinDrift-Setup.exe in File Explorer.
- Properties → Digital Signatures tab.
- Select the signature in the list, then click Details. The signer should read PinDrift, the issuer should be a Microsoft Trusted Signing CA, and the timestamp should be within a few days of the version’s release.
If any of those fields are missing or different, the file was tampered with. Delete it and re-download from pindrift.app.
Verify the installer with SHA-256
For extra paranoia - or to verify a copy that was passed around on a USB stick - compare the installer’s SHA-256 hash against the value we publish at the canonical download endpoint.
Current release
pindrift.app/download/SHA256SUMS.txt - canonical hash table for the current release.
How to compute the hash on your end
Windows PowerShell (works out of the box, no install needed):
Get-FileHash .\PinDrift-Setup-1.0.0.exe -Algorithm SHA256
Compare the Hash output to the line for that filename in SHA256SUMS.txt. If they match, the installer is intact. If they differ by even one character, the file you have is not the file we published - do not run it.
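The signer check and the hash comparison described above can be done in one pass. The script below is an added example, not code published by PinDrift. It assumes SHA256SUMS.txt has been saved next to the installer and uses sha256sum-style lines (hex hash, whitespace, filename); the function name Test-PinDriftInstaller is hypothetical. It prints the issuer rather than checking it, so compare that field against the Microsoft Trusted Signing CA yourself.

```powershell
# Added example: checks the Authenticode signature and the SHA-256 hash of a
# downloaded installer. Assumptions: SHA256SUMS.txt was saved locally and
# uses "<hex hash>  <filename>" lines (sha256sum style).
function Test-PinDriftInstaller {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [Parameter(Mandatory)][string]$SumsPath,
        [string]$ExpectedSigner = 'PinDrift'   # signer name as stated on this page
    )

    $file = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop

    # 1. Signature: Status is 'Valid' only if the file is unmodified since
    #    signing and the certificate chains to a root that Windows trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = $null
    if ($sig.SignerCertificate) {
        # Exact simple-name comparison, not a substring match on the subject.
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }
    $signatureOk = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedSigner)

    # 2. Hash: find the line for this exact filename in the published table.
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $SumsPath) {
        if ($line -match '^([0-9A-Fa-f]{64})\s+\*?(.+)$' -and $Matches[2].Trim() -eq $file.Name) {
            $expected = $Matches[1]
        }
    }
    # A missing entry is a failure, never a pass. -eq on strings ignores case.
    $hashOk = ($null -ne $expected) -and ($actual -eq $expected)

    [pscustomobject]@{
        File        = $file.Name
        SigStatus   = $sig.Status
        Signer      = $signer
        Issuer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer }
        Timestamped = [bool]$sig.TimeStamperCertificate
        SignatureOk = $signatureOk
        HashOk      = $hashOk
        SafeToRun   = $signatureOk -and $hashOk
    }
}

Test-PinDriftInstaller -InstallerPath .\PinDrift-Setup-1.0.0.exe -SumsPath .\SHA256SUMS.txt
```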
If SmartScreen still warns you
A signed installer should not trigger SmartScreen. If yours does, walk this short list:
- Confirm the source. Only pindrift.app and the redirect from your purchase email serve the real installer. Mirror sites, “download accelerators,” and torrents do not.
- Check the digital signature using the Properties → Digital Signatures steps above. Missing or wrong signer = tampered file.
- Compute the SHA-256 hash and compare against SHA256SUMS.txt.
- If everything checks out and SmartScreen still complains, your Windows install’s SmartScreen reputation cache may be stale. Click More info → Run anyway; the warning will not return on subsequent launches.
PinDrift is the cleanest tool in a category that has earned its sketchy reputation. Cracked copies of PinDrift on shady download sites have been observed shipping infostealers and miners. Always download from pindrift.app, and verify the signer if your antivirus or SmartScreen complains.
Antivirus false positives
GPS spoofers as a category trip heuristic AV detection - even when the binary is signed. The official PinDrift installer has been submitted to all major AV vendors for whitelisting, but new releases occasionally take a few days for AV signatures to catch up. If yours flags PinDrift:
- Verify the signer first using the steps above. If the file is signed by Microsoft Trusted Signing as PinDrift, the AV hit is a false positive.
- Add the install folder to your AV’s exclusion list (typically %LOCALAPPDATA%\PinDrift).
- Email the contact form with the AV name, version, and exact warning text. We work directly with vendors to remove false positives.
If something doesn’t add up
If the digital signature is missing or wrong, or the SHA-256 hash doesn’t match the value at pindrift.app/download/SHA256SUMS.txt, do not run the installer. Send a description of where you downloaded it, the date, and the hash you computed via the contact form. We take “someone is hosting a tampered PinDrift” seriously.
Last reviewed May 2026.