If your browser, Windows Defender, or another antivirus has shown you a warning when downloading or installing CNC3D Commander, don't panic. This page exists because we'd rather take five minutes to explain than have you guessing.

​

The short version: CNC3D Commander is legitimate Australian-made CNC control software, built by CNC3D Pty Ltd, the same company that designs and sells the CNC machine sitting in your workshop. The warnings you may see are not because the software is harmful. They're an artefact of how Microsoft and Google treat small software vendors who haven't paid for the most expensive tier of "trust certificate" in their system. You can verify everything below in under five minutes.

 

Why does my browser say it might be unsafe?

​

Read the warning carefully. It almost certainly says one of:

​

• "This file isn't commonly downloaded"

• "Windows protected your PC"

• "This type of file can harm your device"

• "Unknown publisher"​

​

None of those statements mean a virus has been detected. They mean the system doesn't recognise the file yet.

 

This is a known issue affecting nearly every small software vendor on the planet. It is so widespread that thousands of developers have written about it publicly.

 

If you'd like to see for yourself, search Google for any of:

​

• "code signing extortion"

• "smartscreen false positive small developer"

• "defender false positive obfuscated software"

​​​

You'll find established, reputable vendors (Audacity, OBS Studio, Inkscape, KeePass, FL Studio, and hundreds more) describing the exact same problem.

​​

​

The short, honest explanation of why this happens...

​

Microsoft and Google have built a tiered trust system for downloadable software:

​

1. No certificate (free): Maximum warnings. Browser may refuse the download outright.

2. Self-signed certificate (free): Some warnings. Windows treats it as unverified.

3. Organisation Validated (OV) certificate (~$200 USD/year): Warnings reduce. You must then build "download reputation" over thousands of installs before they disappear entirely.

4. Extended Validation (EV) certificate (~$500 to $1000 USD/year, hardware token required): Instant trust. Warnings vanish from day one.

​

The EV tier is the controversial part. There is no technical reason an EV signature should be more trusted than an OV signature. Both involve identity verification by a certificate authority. The difference is purely commercial: pay more, get treated better.

​

For a small business, this is effectively a yearly tax to be visible. Many developers consider it a soft form of extortion/blackmail, which is why that exact phrase returns so many results in search engines.

 

We have chosen, so far, to keep our software free rather than pass these costs onto every customer. The trade-off is that you may see a warning when you first install. We're working on upgrading our certificate to reduce this, but in the meantime, this page will help.

 

Five ways to verify CNC3D Commander is legitimate...

​

You don't have to trust us. Verify it yourself.

​

1. Check the digital signature

 

After downloading, right-click the file and select Properties, then click Digital Signatures. You should see:

• Signer name: CNC3D Pty Ltd

 

If that name doesn't appear, do not run the file. Email us immediately at solutions@cnc3d.com.au so we can investigate.

 

2. Verify our company exists in Australian government records

 

CNC3D Pty Ltd is a registered Australian company. Anyone can confirm this:

• Australian Business Register: abr.business.gov.au (search "CNC3D")

• ASIC Connect: connectonline.asic.gov.au (Australian Securities and Investments Commission)

Our ABN, registered address, and company history are public.

 

3. Scan it on VirusTotal

 

VirusTotal is a free service owned by Google that scans files against 70+ antivirus engines simultaneously:

​

https://www.virustotal.com/gui/home/upload

​

What to expect: A small number of engines (typically 2 to 5 out of 70+) may flag the file. This is normal for commercial software that uses code obfuscation to protect intellectual property. The flags will have names like "Heuristic," "Generic," "Suspicious," or "ML." These are guesses from automated systems, not actual malware identifications. The overwhelming majority of engines will report clean.

​

If you'd like to interpret the results, email us a link and we'll walk you through them line by line.

​

4. Check our public presence

 

We're not a faceless website. CNC3D Pty Ltd:

​

• Has been designing and selling CNC machines since 2017

• Ships physical CNC hardware to thousands of customers across Australia and internationally

• Maintains active YouTube channels, social media, and a support presence

• Attends trade events

• Operates from a registered business address in Australia

• Can be reached by phone during business hours

 

A malware author does not sell forklift-pallet-sized CNC routers under their real ABN.

​

5. Just contact us

 

Contact us via any method listed here or join one of our user groups: Contact Us

​​​

​​

How to download and install safely

​

If your browser blocks the download, follow these steps. They are the same steps used to install Audacity, OBS Studio, and dozens of other respected open-source and small-vendor applications.

 

Step 1: Allow the download

​

If Chrome, Edge, or another browser blocks the download:

• Click the download warning that appears

• Select Keep or Keep anyway

​

If your browser refuses entirely, try Firefox. It is generally more permissive with small-vendor downloads.

​

If the main Commander installer download link fails to download, please download the the CNC3D Commander installer in ZIP format here:​​