The first time a ClickOnce deployment runs for a Windows user, it pops up an "Application Run - Security Warning" prompt. I've found that this initial prompt can be suppressed by installing the code signing certificate (and chain) onto the local machine. After the code signing certificate expires (certificate is timestamped), it no longer appears to be possible to suppress the prompt. And if the certificate is installed in the trusted publisher store, it displays "unknown publisher" rather than the actual publisher string. If the certificate is removed from the store, it goes back to showing the publisher string.
I initially thought that it might be that the deployment manifest file didn't contain a timestamp. But I eventually found a manifest file for another application that also has an expired code signing certificate, and it does contain a timestamp, and it had the same issue, so it does not appear to be remedied by the timestamp in the manifest.
Is it just not possible to suppress this particular prompt by installing the certificates after the certificate expires?
