Additional files can be added to Esri packages. These additional files can include controls and applications (*.ocx, *.exe, and *.dll files) that can be downloaded and run on a user's computer. These executable files can be risky to download and run. In order to provide guarantees of authenticity and integrity of executable files (EXE and DLL) included in a package, only digitally signed executable files are allowed to be added to a package. A digital signature attached to an executable file positively identifies the distributor of that file and ensures that the contents of the file were not changed after the signature was created.

For information about digitally signed files see the MSDN Library

https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/signtool