Indeed, publishing the app in the store will solve your certification problem and the system will not mark it as untrusted. If you don't publish in the store, not even buying a digital certificate will remove that warning. Microsoft uses a complex reputation system to mark apps outside of the store as trusted. Since yours is new, it will take a few thousand downloads to get it trusted, and that could take months.
There are some extended validation certificates that you can buy and according to Microsoft docs this should speed up the validation process, but these cost even more than a standard code signing certificate, so I guess this is not an option for you.
You can define dependencies for an MSIX package published in the store, but those dependencies must be packaged as MSIX too and be present in the store. Basically, you need the package ID and name from your dependency package.
The article I linked above is pretty lengthy, but search for "dependency" and you will find more details.
If your dependency is not in the store, then you cannot declare or upload it (together with your package), as Microsoft does not accept EXE installers in the store.