How to avoid windows security warning pops up during a signed driver installation

I have a driver software I compiled for windows 7. I have used DigiCert Code signing certificate (CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1) to sign the installation package. With the previous version of this driver I used Verisign certificate (VeriSign Class 3 Code Signing 2010 CA).
The new Digicert one is using SHA256 signature alg and Verisign had SHA1 alg. When I installed the previous version of driver (verisign signed), I never had a windows security warning screen pops up asking "Would you like to install this device software". But with new Digicert I have that warning pops up. I'm trying to avoid this warning as my software is usually installed in an unattended environments. Things I have tried so far

  1. Updated my windows 7 with below updates to support SHA2 code signing
    KB4474419 and KB4490628
  2. Tried adding the certificate manually under Trusted Publishers list using certutil
  3. I don't think cross signing by Microsoft is not a solution becuase this is Windows 7 and I read in another forum someone having the same problem and Cross signing didn't help.
    Any help with this is highly appreciated.

I'm guessing you've been out of touch for a while.

Cross-signing is no longer possible. The whole framework has been shut down. All packages have to be signed BY MICROSOFT, either through WHQL or through "attestation signing" through the same portal where you submit for WHQL.

The trusted certificate thing should work, assuming you control these machines administratively. I know people here have reported success. It's not always obvious which store to use, but my guess is your success will come from there.

Cross signing required a certificate from Microsoft that matched the certificate authority (CA) that issued your certificate. Windows 7 has been end of support for several years and cross certificates have not been issued for current CAs. I do not believe there is a way to properly sign a Windows 7 driver anymore.

Many years ago I did the trick of adding to Trusted Publishers for unattended installs but I believe that only worked to suppress the "nice" dialog which had the checkbox to "Always Trust".