Greetings.

Reinstall Windows 10 and install GOG Galaxy, SmartScreen notes that the executable comes from an unknown publisher. I uploaded the file to VirusTotal, and although it shows as a clean executable, it also indicates that it is not digitally signed.

The curious thing is that I downloaded the version 1.2 installer and its digital signature remains valid.

I hope they can address this as soon as possible, it seems bad that the application of a recognized store does not pay attention to something so basic.

Ultimately, the error with the digital signature is caused by the online installer of the application. I downloaded the offline installer and Smart Screen recognizes the validity of the digital signature without any problem.

I don't know much about programming, but it is likely that there is an outdated instruction in the online installer after the last update of the store.

Locally, both the web installer and the 1.2 installer show as carrying a certificate that was valid from December 13th 2019 until February 10th 2021. I don't know why the latter would show as still valid on VirusTotal or elsewhere.

In any case, if you care that much, open a support ticket.

What you are calling a certificate is a time stamp, not a publisher certificate. Time stamps are usually in addition to publisher certificates and it should be noted that the sha1 "Digest algorithm" used is depreciated and the time stamp should be considered untrusted.

Each download of the GOG_Galaxy_2.0 Application yields a different checksum, each time I check it with virustotal it sees it as a new submission.

No idea what you're on about.