Install on Windows

Probe on Windows installs through a small bootstrap executable. It trusts Probe’s code-signing root once, then chains the signed installer for the current release. Every release after that — and every auto-update — installs silently with no SmartScreen warnings.

System requirements

• Windows 10 (1809) or Windows 11. 64-bit only.
• Administrator account. The bootstrap needs UAC to install the certificate into the Local Machine trust store.
• About 250 MB of free disk space.
• A working network connection on first run, so the bootstrap can fetch the latest release from S3.

Install

1. Go to the Download page and click Download for Windows. You’ll get a file named ProbeBootstrap.exe (about 1 MB).

2. Double-click ProbeBootstrap.exe.

3. Windows SmartScreen will warn you the file is unrecognized. Click More info, then Run anyway.

4. Accept the User Account Control prompt. The bootstrap needs admin to write to the Trusted Root store.

5. The bootstrap installs Probe’s code-signing certificate, downloads the latest signed ProbeSetup-<version>.exe, and runs it silently. The whole thing takes 10–30 seconds depending on bandwidth.

6. When it’s done, Probe launches automatically. You can close the bootstrap window — it’s no longer needed.

Caution

SmartScreen only warns on the bootstrap. Once the bootstrap has trusted Probe’s signing certificate, every future Probe installer and auto-update is recognized as signed and installs without any warning. If you see SmartScreen on a regular Probe upgrade, something’s wrong — re-run the bootstrap.

Why a bootstrap?

The first time you install any new publisher’s app on Windows, SmartScreen flags it because the certificate hasn’t built up reputation yet. Probe’s signing cert is valid and trusted by Windows, but reputation is per-publisher and takes time to accumulate.

The bootstrap solves this in one step: it’s a tiny installer that pre-trusts our root certificate, then chains the real signed installer. After that, every Probe update — including silent auto-updates — installs without any prompt.

You only need to run the bootstrap once per machine. If you wipe Windows or move to a new machine, run it again.

Firewall prompts

Right after install, Windows Defender Firewall pops up asking whether to allow Probe to accept incoming connections.

You’ll see two checkboxes:

• Private networks — your home or office Wi-Fi.
• Public networks — coffee shop, airport, conference Wi-Fi.

Tick both. Probe needs inbound access on:

• 9099 for the proxy itself, so phones and other devices on your LAN can route traffic through it.
• 9098 for the CA certificate landing page, so devices can download the cert in a browser.

If you only allow Private and your Wi-Fi profile is set to Public (Windows often defaults new networks to Public), the proxy still works for traffic from this machine, but no other device can reach it. You can change the firewall rule later under Windows Security → Firewall & network protection → Allow an app through firewall.

What you get

After install, Probe is registered with Windows like any other app:

• A Start menu entry under Probe.
• A desktop shortcut (created by the installer; you can delete it).
• A Programs and Features entry for clean uninstall.
• Probe’s code-signing root is trusted machine-wide so future signed installers and auto-updates run without SmartScreen warnings. This is not the MITM CA used to decrypt HTTPS traffic — that one is generated locally on first launch and still needs to be installed into your trust store. See Install CA on Windows.

The first time you launch Probe, the proxy starts on 0.0.0.0:9099 and configures the WinINET system proxy automatically. You’ll see your machine’s IP and port in the toolbar.

When you click Stop, the system proxy settings are restored. If Probe crashes, the next clean launch restores them too.

Auto-update

Once the bootstrap has trusted Probe’s signing root, every subsequent release installs silently in the background. There’s no SmartScreen, no UAC prompt, and no banner asking you to restart.

The flow:

1. Probe checks the release manifest at startup and once per hour while running.
2. If a new version is out, it downloads the signed installer.
3. The new build is staged and applied the next time you launch (or immediately if you accept the relaunch prompt).

A release flagged as a minimum version shows a non-dismissible update dialog at launch. This is reserved for protocol-breaking fixes and certificate updates.

Data directory

Probe stores its CA, sessions, scripts, environments, and settings under:

%USERPROFILE%\.probe\

That’s a hidden folder by default. If you uninstall Probe and want to start clean, delete that directory by hand — the uninstaller leaves it in place so you don’t lose your work.

Uninstall

1. Open Settings → Apps → Installed apps.
2. Find Probe, click the ⋯ menu, then Uninstall.
3. (Optional) Delete %USERPROFILE%\.probe\ to remove your CA and saved sessions.

The uninstaller removes the app and its WinINET proxy settings, but does not remove the trusted root certificate. If you want to revoke trust, open certmgr.msc, navigate to Trusted Root Certification Authorities → Certificates, and delete the Probe entries.

Next steps

First Capture Make your first request and see it in the log.

Certificate Setup Install the CA on phones and VMs to inspect their HTTPS.

Quick Tour 60-second walkthrough of the UI.