Skip to main content

Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

Code signing your games (mainly Godot)

About

{Update] This will help with this problem, but on further research the only way to have your application fully signed and trusted by Windows is to use a third party certification authority.  This is expensive and out of reach for a lot of us making games as a hobby.  The process outlined here will help your games eventually become trusted, and appears to be a good practice to do, but it seems like a lottery as Microsoft may eventually trust your game if you get enough downloads and people running it.  I think that if we are really going to be able to move forwards in our own developer stories, that there needs to be an accessible solution for this problem that would allow us to get our games "signed" so that they can be trusted by Windows and therefore trusted as safe to play by any of our players.

When building my game for the GameDev.tv Game Jam 2024, and trying out others, I noticed my antivirus software kept considering my game and others as potential malware.  And in some cases it wouldn't even let me run a game.

While a simple fix for this is to turn off antivirus scanning, this isn't really a safe option these days.

On researching this problem I found that it was because when Godot was compiling my game, the software wasn't being "signed" in a way that Windows, or the antivirus software, could recognise that the software was safe to run.

The fix for this is, on a Windows system used to build your games, is to install the Windows Software Development Kit (SDK) for your version of Windows and point your game engine (Godot in my case) to a tool called "signtool.exe" installed with the SDK.

Once set up, provided your project details are set up in the Export window to include who is publishing the software, the game engine will then "sign" the software when it is compiled, making it less likely that your game will be flagged by antivirus software.

I'm presently unsure if this process needs to be set up in other game engines, but if it can, it should mean more people can play your game without worrying about whether or not your game contains a virus.

Instructions for Godot (v4.x)

The following steps are for setting up the Godot game engine with the "signtool" for your version of Windows.

  1. Search for and download the Windows SDK for your version of Windows.  A simple google search for "Windows <your version - 10 or 11 etc> SDK".  Make sure you are using a genuine Microsoft download, and the SDK is free to download and install.
  2. Once you have downloaded and installed the SDK, find the "signtool.exe" in your filesystem, on mine it appears under "<main drive>:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe"
  3. Once you have copied the file location for the "signtool", open up your Godot project and open the "Editor Settings".  Then in the left hand panel, navigate to "Export > Windows" and paste the file path with "signtool.exe" on the end of the path so it looks something like the full path in step 2.
  4. After closing the editor settings, the engine is now configured to sign your game on export, but you will still need to configure your publishing details in the Export window.  For my own games, I have included the Version (from the project settings), the Company Name (CrazyHoundGameDesign), the Product Name (name of game) and the Copyright (CrazyHoundGameDesign) fields.  So long as these fields have some information in them, the signtool will then sign the game with this information on export.

If anyone knows if this needs to be done for Unity and Unreal games, please comment below to let me know.  If you can provide some instructions on setting this up in the engines as well, I can add them to this post.

I also know the instructions are a bit different for building games on a Linux OS, so if you set up some instructions, you can link it in the comments or I can add it to the post.

Support this post

Did you like this post? Tell us

Leave a comment

Log in with your itch.io account to leave a comment.

(1 edit)

Thanks so much for taking the time to post this! I have followed these steps. However, windows still flags it on my partners PC. Googling seems to indicate you actually need to buy a signature license for Windows to actually recognise it. Note: I'm Win10 and she is Win11. Maybe Win11 is more vocal with it as they are trying to be more "secure"?

(+1)

This situation seems a lot more complicated than just using the sign tool.

On further reading it appears as though, as you say, to have your game trusted automatically by Windows, you need to subscribe to a third party certification authority.  Doing this though is rather expensive and I imagine most of us (including myself) cannot afford to do this, there also appears to be no reasonable or accessible alternative on a Windows system for this.

Using the sign tool is still a good step as it does "sign" the application for your Windows install, and apparently, if this is done and the application gets enough downloads, Microsoft may eventually consider the application as "safe".

It's quite annoying that there isn't a good solution to this problem for Windows.  I will update the post to reflect this.

I think there needs to be some kind of option for this that is accessible to small developers.

I 100% agree with what you just said. It would be nice if engines themselves are allowed to be recognised by windows if going through the engines export or something. Kinda rough... Ah well! It is better, as you say, to do it!!! It wasn't until signing it this way that I noticed it defaults to copyright under someone else's name (i had specified copyright before but i guess it doesnt sign it), so either way this is a good thing to be doing ^.^