Install

SmartScreen warnings and verifying the installer

PinDrift is a new app and the installer is not code-signed yet, so the first time you run it Windows SmartScreen shows “Windows protected your PC.” That is expected, not a sign that anything is wrong. This page explains why it happens, how to get past it, and how to confirm you have the real installer using its SHA-256 hash.

Short version

Download PinDrift-Setup.exe only from pindrift.app. SmartScreen will warn you because we are not code-signed yet; click More info → Run anyway. To be certain the file is genuine, verify its SHA-256 hash against the table below before you run it.

Why SmartScreen warns

Code-signing certificates cost money and SmartScreen reputation takes time to build. PinDrift does not have a code-signing certificate in place yet, so Windows treats the installer as “unknown” and shows the “Windows protected your PC” dialog by default. The warning only means Windows has not seen this exact file from a known publisher. It does not mean the file is unsafe. Signing is on our list once the business entity is set up; until then, the SHA-256 hash below is how you verify authenticity.

Pirated and tampered copies of PinDrift exist on shady download sites, and some have shipped malware. Because there is no signature to lean on, the SHA-256 hash is how you make sure you have the file we actually published. Always download from pindrift.app.

Verify the installer with SHA-256

Compare the installer’s SHA-256 hash against the value we publish at the canonical download endpoint. A matching hash proves the file came from us and has not been modified, with or without a signature.

Current release

pindrift.app/download/SHA256SUMS.txt - canonical hash table for the current release.

How to compute the hash on your end

Windows PowerShell (works out of the box, no install needed):

Get-FileHash .\PinDrift-Setup-1.0.0.exe -Algorithm SHA256

Compare the Hash output to the line for that filename in SHA256SUMS.txt. If they match, the installer is intact. If they differ by even one character, the file you have is not the file we published - do not run it.

Getting past the warning

Confirm the source. Only pindrift.app and the redirect from your purchase email serve the real installer. Mirror sites, “download accelerators,” and torrents do not.
Compute the SHA-256 hash and compare it against SHA256SUMS.txt. A match means you have the genuine file.
Click More info → Run anyway on the SmartScreen dialog. The warning will not return on later launches.

Cracked builds are everywhere - some are malware

PinDrift is the cleanest tool in a category that has earned its sketchy reputation. Cracked copies of PinDrift on shady download sites have been observed shipping infostealers and miners. Always download from pindrift.app, and verify the SHA-256 hash if your antivirus or SmartScreen complains.

Antivirus false positives

GPS teleporters as a category trip heuristic AV detection. The official PinDrift installer has been submitted to major AV vendors for whitelisting, but new releases occasionally take a few days for AV signatures to catch up. If yours flags PinDrift:

Verify the SHA-256 hash first using the steps above. If the hash matches the value we publish, the AV hit is a false positive.
Add the install folder to your AV’s exclusion list (typically %LOCALAPPDATA%\PinDrift).
Email the contact form with the AV name, version, and exact warning text. We work directly with vendors to remove false positives.

If something doesn’t add up

If the SHA-256 hash doesn’t match the value at pindrift.app/download/SHA256SUMS.txt, do not run the installer. Send a description of where you downloaded it, the date, and the hash you computed via the contact form. We take “someone is hosting a tampered PinDrift” seriously.

Last reviewed June 2026.