The best resources are this blog post and this blog post.
To sum up:
- Sign your package with an Authenticode signature.
- Don’t be malware (I’m sure you got that covered).
- Logo your software (if it’s not a browser plug-in).
This can be a frustrating process, so hang in there. Microsoft has not disclosed how many downloads one needs to build a reputation, but in practice once you stop changing the package (the hash is part of the reputation) then you can get past this fairly quickly.
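A pre-release check for the two points above that can be verified locally, the Authenticode signature and the package hash, written as an added example that is not part of the original answer. The script parameters, the `last-published.sha256` record file and the `-Record` switch are assumptions made for illustration; `Get-AuthenticodeSignature` and `Get-FileHash` are the standard PowerShell cmdlets.

```powershell
# Pre-release check (added example): is the package Authenticode-signed, and
# has its hash changed since the last published build?
param(
    [Parameter(Mandatory)] [string] $PackagePath,        # e.g. .\dist\setup.exe (hypothetical path)
    [string] $HashRecord = '.\last-published.sha256',    # hypothetical file holding the previous hash
    [switch] $Record                                     # store the current hash after publishing
)

# 1. The signature must be present and must validate on this machine.
$sig = Get-AuthenticodeSignature -FilePath $PackagePath
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    exit 1
}
"Signer:     $($sig.SignerCertificate.Subject)"
"Thumbprint: $($sig.SignerCertificate.Thumbprint)"

# Without a timestamp countersignature the signature stops validating
# once the signing certificate expires.
if ($null -eq $sig.TimeStamperCertificate) {
    Write-Warning 'Package is signed but not timestamped.'
}

# 2. The file hash: any rebuild or re-sign of the package changes it.
$hash = (Get-FileHash -Path $PackagePath -Algorithm SHA256).Hash
"SHA256:     $hash"

if (Test-Path $HashRecord) {
    $previous = (Get-Content -Path $HashRecord -TotalCount 1).Trim()
    if ($previous -eq $hash) {
        'Hash matches the last published build.'
    } else {
        Write-Warning "Hash differs from the last published build ($previous)."
    }
} else {
    'No previous hash recorded.'
}

if ($Record) {
    Set-Content -Path $HashRecord -Value $hash
}
```

Run it without `-Record` before publishing to see whether the hash has changed, and with `-Record` once the build is actually released.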