Are there any specific requirements for code signing custom files so that they are recognized by the App Control agent on Windows endpoints?

• App Control Server: All Supported Versions
• App Control Agent: All Supported Versions
• Microsoft Windows: All Supported Versions

The User Guide states: 

A publisher appears in this list if a file had a certificate identifying the publisher and the signature was considered valid by Windows.
However, a file identified as being from this publisher can be approved by publisher only if all certificates in the certificate chain for that file are considered valid by Windows. For example, current root certificates must be installed for a certificate to be accepted."

This is the only requirement for code signing custom files, and the agent will accept intermediate and leaf certificate configurations as well.