Some products may use a downloadable eXtensible Application Markup Language (XAML) Browser Application (XBAP) also known as ClickOnce. This uses the C:\Windows\syswow64 or System32\PresentationHost.exe, which is part of the .NET, to provide the runtime environment. The file resources for the application are automatically downloaded to %LOCALAPPDATA%\APPS\2.0
Security certificates are used to assess security and if the requirements are not met the user is prompted to confirm running the application.
When a ClickOnce application is being launched on a user's desktop the first time, the .NET Framework runtime will first check to ensure that the application manifests have not been tampered with since they were signed with whatever publisher certificate was used for signing. If they pass that check, the runtime will then look into the Trusted Root Certification Authority store and see if the certificate for the issuer of the publisher's certificate is installed in that store. It will then look at who the publisher on the certificate is, and see if their certificate is in the Trusted Publishers store. If those two things are true, then by default the user will not be prompted, and the application will be granted whatever privileges are specified in the application manifest file. from - https://msdn.microsoft.com/en-us/library/ms996418.aspx
More information
https://msdn.microsoft.com/en-us/library/z17ceyya%28v=vs.80%29.aspx
https://msdn.microsoft.com/en-us/library/t71a733d(VS.100).aspx
https://leastprivilege.com/2006/02/18/beware-be-aware-of-clickonce-default-settings/
https://robindotnet.wordpress.com/2013/02/24/windows-8-and-clickonce-the-definitive-answer-2/
http://www.informit.com/articles/article.aspx?p=691085&seqNum=2
click once