Justin8051

Reputation: 429

How can I make my executable considered trustworthy by Windows and common Antivirus applications?

I have developed a certain portable program. I have posted it to my website, and made it available for downloading. However, whenever I download that executable from my website, and try to open it, first I get the warning from Windows, "The publisher could not be verified. Are you sure you want to run this software?", and even if I proceed, my antivirus (Avast) puts it into a DeepScreen, analyzing it for a considerable time before it realizes it is safe.

My question is, what should I do so that the users of my program wouldn't have to deal with these inconveniences? How do I make my program "verified" by Windows and all the numerous antiviruses that are out there?

I apologize if a similar question was asked before, but after a considerable amount of googling, I was unable to find a solution. Most people give information on how to add exclusions for an executable for specific antiviruses on specific computers, but that won't help the people who will use my program. What I want to do here is prevent the problem in the first place. Any advice?

Upvotes: 3

Views: 2579

Answers (1)

Douglas Leeder

Reputation: 53310

  1. Code-signing: unsigned or incorrectly signed software is a big red flag.
  2. Time: New executables are always regarded as more dangerous; if the AV has seen the same file before on many systems, it's more likely to be safe. Signing might allow some transfer of this reputation to new executables.
  3. Reputation: Once you are signing executables, the vendors can treat all those signed by you in a similar manner.

As a fall-back AV vendors generally have a mechanism for submitting files as false-positives, which might prevent them being detected as malware, and allow short-cutting of lengthy scanning procedures.

I haven't ever bought a code-signing cert, but Comodo seems to be the cheapest at £75 for a year.

Upvotes: 1
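
The code-signing step from the answer above, as an added example that is not part of the original answer: a PowerShell release helper that signs an executable with Authenticode, timestamps it, and then checks the result the way Windows will evaluate it. It assumes a CA-issued code-signing certificate is already installed in `Cert:\CurrentUser\My`; the function name `Publish-SignedRelease`, the file name and the timestamp URL are hypothetical placeholders.

```powershell
# Added example: sign a release build with Authenticode, then verify it.
# Assumptions: a CA-issued code-signing certificate is installed in
# Cert:\CurrentUser\My; the file path and timestamp URL are placeholders.

function Publish-SignedRelease {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Timestamp service URL supplied by your certificate authority.
        [Parameter(Mandatory)] [string] $TimestampServer
    )

    # Pick an unexpired code-signing certificate that has its private key.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw 'No valid code-signing certificate found.' }

    # Sign with SHA-256 and a timestamp, so the signature remains valid
    # after the certificate itself expires.
    Set-AuthenticodeSignature -FilePath $Path -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampServer | Out-Null

    # Re-read the signature from the file and fail the release if it is
    # anything other than Valid (e.g. NotSigned, HashMismatch, NotTrusted).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
    }
    if (-not $sig.TimeStamperCertificate) {
        throw 'Signature is valid but not timestamped.'
    }

    # Summary to publish next to the download; the hash is also what you
    # would quote when submitting the file to an AV vendor as a false positive.
    [pscustomobject]@{
        File      = $Path
        Publisher = $sig.SignerCertificate.Subject
        Expires   = $sig.SignerCertificate.NotAfter
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Usage (placeholder values):
# Publish-SignedRelease -Path '.\MyProgram.exe' -TimestampServer 'http://timestamp.example.test'
```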
