Troubleshoot Secure Client Installer that Triggers Windows Smartscreen Block

Available Languages

Download Options

  • PDF     (8.7 KB)
    View with Adobe Reader on a variety of devices
Updated:May 20, 2026
Document ID:225949

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction


This document describes a potential issue where installers for Cisco Secure Client may trigger Smartscreen on Windows and prevent installation. This is caused by a recent signing by Azure Code Signing (ACS). This article wil explain how to resolve this issue.

Issue Description

Browsers and some download methods may add the Mark-of-the-Web (MOTW) zone identifier to downloaded files. When Azure Code Signing (ACS)-signed installers are involved, this can cause Windows SmartScreen to block installation.

NOTE: : This does NOT affect installers from Cisco XDR/Cisco SCCM (Secure Client Cloud Management) or upgrade scenarios where installer distribution is performed via Intune. 

Resolution

There are two ways to resolve this installation block:

Method 1: Download without browser (avoid MOTW)

Use curl, PowerShell, or similar tools to download the file. Browsers add the Mark-of-the-Web (MOTW) zone identifier to downloaded files, which can trigger this behavior.

Method 2: Remove MOTW (Zone Identifier)

Use a PowerShell command such as Remove-Item -Force -Stream Zone.Identifier, or create a script similar to this one, to remove the MOTW zone identifier from the file.

Related Information

Azure Trusted Signing: new intermediate CAs causing SmartScreen warnings

SmartScreen warnings triggered after silent migration - Github

Revision History

Revision Publish Date Comments
1.0
20-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Matthew Franks
    Cisco TAC
  • Brenda Marquez
    Cisco TAC

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products