Hi.
It can be done. If you are deploying standard executables then you have to do that manually. If you are on PB 2019R3 or later, and deploying using powerclient, there is a tab to sign the generated executable. The same option is also available in PB 2021 and later when creating cloud apps (powerserver).
To sign an executable, you have to use Microsoft SignTool. This is a command line tool to digitally sign and verify signatures in files. But, code signing should not only applied in exe but also in pbd, dll's that accompanies your application. And you must have in mind that you have to check that those file's signatures are valid... If a signed file is somehow tampered, this doesn't mean it won't execute... The issue will be it doesn't contains a valid signature (or it isn't signed at all)... But you will have to check that. There is also a good chance that antivirus will detect that as an issue.
Take a look at the following links:
Authenticode signing (appeon.com)
security - Can signed executables be tampered with while retaining the integrity of the signature? - Stack Overflow
Doing some search in this forum or by googling you could find more results.
Andreas.
with the new cert requirements (as of 2023 and not appeon requirements), you now need to use either a physical USB token or a cert repository or a cert service.
either way makes it more complicated than back when you could use a cert file. So you may end up needing to write a command line file. The command line file can be run from the referenced tab in the project (at least in current versions of PB).