Using a code signing certificate
Code signing certificates sign executables, drivers and scripts to remove unknown-publisher warnings.
Windows (signtool)
signtool sign /fd SHA256 /tr http://timestamp.idigitrust.com /td SHA256 app.exe
- /tr sets the timestamp service so signatures stay valid after expiry.
- /fd SHA256 sets the digest algorithm.
Verify
signtool verify /pa app.exe
EV code signing earns SmartScreen reputation instantly.