Wait some time for the certificate to gain trust among users (can take from several days to several weeks)
[!tip] The best time to certify your app is before the 1.0 release, so it can gain trust.
SmartScreen "blocks" us from opening the app if it comes from an unknown place or was created by an unknown publisher. We can still install the app, but we'll see a dialog asking whether we're sure about what we're doing.
In detail, this means that when we download a file, Windows flags it as subject to a SmartScreen check. We can see that flag in the file's Properties dialog.
According to the Electron docs, code signing should be enough to ultimately not trigger any OS security checks. However, this is not the case from the very beginning.
On Windows, the system assigns a trust level to your code signing certificate which if you don't have, or if your trust level is low, will cause security dialogs to appear when users start using your application. Trust level builds over time so it's better to start code signing as early as possible.
This means the signed app will have to gather enough reputation not to display this dialog.
The reputation will not automatically carry over to the renewed certificate (even if it's signed against the same private key as the old certificate) (source)
We should buy the certificate with the longest possible validity period.
We can mitigate the problem by getting a renewed code signing certificate before the old certificate expires, and then using both the old (but not yet expired!) and the renewed certificate to sign the app.
The old certificate will continue to bypass SmartScreen; the new one will help to build up trust
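The dual-signing step described above, as an added PowerShell example that is not from the original notes. It assumes `signtool.exe` from the Windows SDK is on PATH and both certificates are in the `CurrentUser\My` store; the installer path, thumbprints and timestamp URL are placeholders.

```powershell
# Added example: sign one installer with the old AND the renewed certificate.
# Placeholders below (path, thumbprints, timestamp URL) are assumptions to replace.
param(
    [string]$Installer     = '.\dist\MyApp-Setup.exe',          # hypothetical path
    [string]$OldThumbprint = '<OLD-CERT-SHA1-THUMBPRINT>',      # placeholder
    [string]$NewThumbprint = '<RENEWED-CERT-SHA1-THUMBPRINT>',  # placeholder
    [string]$TimestampUrl  = '<RFC3161-TIMESTAMP-URL-OF-YOUR-CA>'
)
$ErrorActionPreference = 'Stop'

function Invoke-SignTool {
    param([string[]]$Arguments)
    & signtool.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "signtool $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# Both certificates must be inside their validity window at signing time;
# the old one only helps while it has not yet expired.
$now = Get-Date
foreach ($tp in $OldThumbprint, $NewThumbprint) {
    $cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object Thumbprint -eq $tp
    if (-not $cert) { throw "Certificate $tp not found in CurrentUser\My" }
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -le $now) {
        throw "Certificate $tp is not valid now ($($cert.NotBefore) .. $($cert.NotAfter))"
    }
}

# Options shared by both signatures. The RFC 3161 timestamp (/tr, /td) keeps a
# signature verifiable after the signing certificate itself has expired.
$common = @('/fd', 'SHA256', '/tr', $TimestampUrl, '/td', 'SHA256', $Installer)

# 1. Primary signature with the old certificate.
Invoke-SignTool (@('sign', '/sha1', $OldThumbprint) + $common)

# 2. /as appends a second signature instead of replacing the first one
#    (PE files such as the .exe installer can carry more than one signature).
Invoke-SignTool (@('sign', '/as', '/sha1', $NewThumbprint) + $common)

# 3. Verify every signature in the file against the Authenticode policy.
Invoke-SignTool @('verify', '/pa', '/all', '/v', $Installer)
```

Run it as the last step of the release build, after the installer has been produced, so that the file users download is the one carrying both signatures.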
A user on SO hinted that archiving with rar would make the archive flagged, but the unarchived installer itself wouldn't be flagged. This should be tested though (and, frankly, I don't think it'll work).