First, yes – my bad. Microsoft has chosen NOT to respect the signature.
Secondly – I’m confused. Adam – what was the name of the executable that triggered the first “Windows protected your PC” message. You wrote that it popped up when you tried to open an old file, so I was under the assumption that this happened when you tried to use the new version 2.1 AxCrypt. If, in fact, this was a self-decrypting file i.e. something like “My File-ext.exe” – then it’s entirely possible that the warning comes up. But I still don’t see why you don’t get an option to run anyway.
Now, you write “I don’t trust Authenticode because it’s too easily tampered with“. Really? This is not true at all. Authenticode is a strong digital signature, with quite adequate cryptographic strength. Can you provide a reference to indicate that Authenticode is vulnerable?
Finally, you refer to “a version on the internet” and send a screen shot with what appears to be a digitally signed “AxCrypt-2.1.1489-Setup.exe” but with a timestamp of January 5, 2017 – and that is indeed wrong.
Can you check the validity of this signature using the ‘Details’ button please and send a screen shot. Also, I’d very much like a copy of that file as well a link to the source of it.
The correct current setup shows the following under ‘Details’: