We are using the Windows Spice guest tools package https://www.spice-space.org/download/windows/spice-guest-tools/spice-guest-tools-latest.exe available on this page on your web site: Download (spice-space.org)
This package supports silent installation via the /S switch, but Windows prompts to trust the RedHat code signing cert. Clicking allow and installing the package installs this cert, and we can then export that and distribute it in advance to other computers, which then means that the /S results in a fully silent install on those other computers. However, in doing that, we noticed that the cert is actually expired, which is not ideal from a security point of view. Could you rebuild this package with a non-expired code signing cert and post on your website?
Here are details of the expired cert in the package above: