My team is creating a Desktop application using Electron. During user testing Norton flagged and blocked an action for accessing C:\Users<user>\AppData\Roaming\Microsoft\Crypto\RSA.
I researched about this location and it is used to store certificate pair keys for the system and its users. Whenever a certificate request is generated for the machine, a new file is created in this location.
The application still needs to be Code Signed with a Windows Authenticode Code Signing Certificate. We have a task to implement code signing and I am not sure if that will stop Norton from flagging this action or not.
I am reaching out to see if anyone has experience or knowledge on when private keys are stored or retrieved from this location when launching an application for the first time and if they can provide any additional insight.
It would also be helpful if anyone is able to provide insight on if implementing the Code Signing would prevent Norton’s Data Protector from flagging this as suspicious and blocking the action.
Any help would be greatly appreciated.