My company finally bought a code-signing certificate.
I have a WinForms application (1 exe and several dlls), all assemblies are already signed with a strong name. The entire application is then packaged into a msi installer. Then I use NSIS to pack the msi, the bootstrapper and the prerequisites (Framework, SQL CE...) into a single setup.exe.
Obviously my setup.exe needs to be signed, to avoid the "scary" UAC prompt. Is that enough or would you also sign the other files, especially the .NET assemblies?
Another project that belongs to the application is a Windows serivce. Would you sign that assembly?