You're talking about WinBox Loader that is version 2.x. It's not supported anymore.
This topic is about WinBox v3, it does not download any executable code, only some text data files.
No matter what version is vulnerable, signing all executables is a good practice to prevent it from compromising your network and secure all stuff
Since there is Netinstall already signed with EV certificate, it would be good to sign Winbox 3.x too
According to this
post from v6.42rc updates
All code will be trusted by Win10 Smartscreen at least