ClickOnce Deployment of Code Signed applications is deficient in Visual Studio Express 2012. The on-line documentation on ClickOnce deployment in Visual Studio 2012 is also deficient and incorrect.
The mechanisms for "code signing" in Visyal Studio Express 2012 only result in the ClickOnce setup.exe installer being code signed. The deployed / published user application is NOT code signed during the ClickOnce deployment procedure.
It is necessary for the developer to download the Microsoft SDK containing "signtool.exe" and add a "BeforePublish" event to the Project File (.vbproj or .csproj) e.g. as follows:
<Exec Command=""C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign /f "$(ProjectDir)MyComodoCertificate.pfx" /p MyCertPassword /v "$(ProjectDir)obj\$(ConfigurationName)\$(TargetFileName)"" />