Codesigned but 'unknown publisher'

I Use Ksign and a Comodo certificate to sign on Windows.
But users still see ‘Unknown Publisher’, and I have reports of Norton blocking outright.
(Naturally their advice says ‘by A Symatec certificate’)

What is the cause of ‘Unknown Publisher’ when something has been signed?

As far as I can remember: If you have a certificate of type “Extended Validation (EV) for Microsoft®” (which of course cost a lot), you will get the feature:“Establish reputation with SmartScreen® Filter”. In other words: An application signed with such a certificate is immediately recognized as being “OK”.

For all other code signing certificates, you will need to get a “reputation”. After (who knows how many or how it works) downloads/days/months/…?, this warning will disappear.

One example: Our apps have been signed with a standard Code Signing certificate (not an EV). No issues at all.
When we renewed it, we wanted to change the name of “my company” to “my company something”.
Effect: the very same you’re seeing - SmartScreen has no reputation for “my company something”. Users will get that “scary warning”. We could then revoke that cert, and get it renewed with the “old/previous” name “my company” -> no issues with the new certificate in that regard.

So: if you don’t ever want to see your customers that warning, you’ll have to buy an EV certificate.
Otherwise, it will take some time (who knows why and how this exactly works) until you get “fully trusted”.