We have an exe file delivered by an ASP.NET application. This binary is actually modified on the fly in memory. Is there any way to sign the modified exe with authenticode in memory without writing to disk? There's probably no way to sign the original exe and still keep the signature valid after modification. We thought about using ram disk to help on disk i/o if we have to, but just wondering if there are any other options.
The problem is really how to get rid of the unknown publisher warning. So if there is any other way that does not involve signing or changing policy settings on the client's computer, please let me know as well.