VB6 Digitally-Signed EXE appears as Unknown Publis

Posted 2019-04-15 19:08

Question:

I have compiled a VB6 app and I digitally sign it after compilation using a batch file containing this command:

signtool sign /f apt.pfx /p MyPassword d:\upload\service_pack_UK_BETA.exe

If I right-click the EXE I can see the digital signature in the file Properties. However if people download the file and try to run it in Windows 8 they get the message in SmartScreen that it's from an Unknown Publisher.

I have read articles such as this one http://social.msdn.microsoft.com/Forums/windows/en-US/00813d25-d258-40d8-b03a-c4468959f311/smartscreen-shows-unknown-publisher-even-though-signed-correctly-using-a-trusted-certificate?forum=winformssetup but the solution they recommend can't be achieved in VB6.

How can I sign the EXE so that SmartScreen will accept it?

Answer 1:

See http://blogs.msdn.com/b/vsnetsetup/archive/2013/01/09/windows-smartscreen-prevented-an-unrecognized-app-from-running-running-this-app-might-put-your-pc-at-risk.aspx, specifically the last two sentences of the post:

Once this is done, the SmartScreen will continue to warn about the application
until the certificate develops a reputation. But it would display a valid
publisher name instead of unknown publisher.

SmartScreen in Windows 8 maintains a list of valid and trusted publisher certificates (as well as whether the signed files are commonly encountered). When it encounters a new publisher certificate, even when the certificate chain is good and trusted, it won't be added to the list of trusted publishers until enough hits warrant it, what Microsoft calls SmartScreen Application Reputation.

Sources:

  • http://ie.microsoft.com/testdrive/Browser/DownloadReputation/?o=1
  • http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx
  • http://blogs.msdn.com/b/ie/archive/2012/08/14/microsoft-smartscreen-amp-extended-validation-ev-code-signing-certificates.aspx (mentions SmartScreen Application Reputation)
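To tell a signature or chain problem apart from the missing-reputation case the answer describes, the signed file can be checked on a clean test machine before release. This PowerShell check is an added example, not part of the original post; the function name Get-SignatureReport is hypothetical and the path is the one from the question.

```powershell
# Added example: report what Windows sees in the Authenticode signature of a file.
# Get-SignatureReport is a hypothetical helper name, not a built-in cmdlet.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    # Built-in cmdlet: verifies the file hash against the embedded signature
    # and evaluates trust of the signer certificate on this machine.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Build the certificate chain separately so individual chain errors
    # (untrusted root, expired, revoked, ...) are visible by name.
    $chainOk     = $false
    $chainErrors = @()
    if ($cert) {
        $chain       = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk     = $chain.Build($cert)
        $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    }

    [pscustomobject]@{
        File         = $Path
        Status       = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Publisher    = if ($cert) { $cert.Subject } else { $null }
        Issuer       = if ($cert) { $cert.Issuer }  else { $null }
        NotAfter     = if ($cert) { $cert.NotAfter } else { $null }
        ChainTrusted = $chainOk
        ChainErrors  = $chainErrors -join ', '
        Timestamped  = [bool]$sig.TimeStamperCertificate
    }
}

# Path taken from the question; run this against the downloaded copy of the file.
$report = Get-SignatureReport -Path 'd:\upload\service_pack_UK_BETA.exe'
$report | Format-List

if ($report.Status -eq 'Valid' -and $report.ChainTrusted) {
    # Signature and chain verify here: this is the situation the answer describes,
    # where the remaining SmartScreen warning is a matter of reputation.
    Write-Output 'Signature and certificate chain verify on this machine.'
} else {
    # Anything else is a signing or trust problem to fix before release.
    Write-Output "Signature problem: Status=$($report.Status); chain errors: $($report.ChainErrors)"
}
```

Run it on a machine other than the build machine, since certificates installed locally during development can make a chain appear trusted there when it is not trusted elsewhere.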