I want to answer this question myself as I think there is some pretty huge misunderstandings here. You can make your own certificate and add it to your own store and then the UAC will be blue/green and the publisher will be shown. 100% trust. Of course the key is that the CA certificate you made has to be in the store. This is the bit that causes the problem for deployment, but I hope that if I take my certificate along to other computers I can add it to the store and then I will be shown as the publisher.
I had a few issues with my certificate which I needed to fix. I knew I had issues by using
signtool verify /v /pa mysigned.exe
This told me that things were not correct and what to fix.