I use that browser also and do the same. Since the hash changes, we have to do a new “ask to connect”. Otherwise someone could just call their malware opera.exe and it would bypass our firewall.
If you have some other ideas on how to solve this, we’re glad to hear them. For example maybe we should offer a mode where if an app has no cert signed then it receives an “ask to connect” prompt, but others do not?
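
The following is an added example, not part of the original post and not the firewall's own code. It sketches the hash-pinned decision described above and the proposed signed-app mode. The class, method and parameter names are hypothetical, the path, file contents and publisher are constructed, and `verified_publisher` stands for the result of an OS signature check that is not implemented here.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class Rule:
    sha256: str               # hash of the binary the user approved
    publisher: Optional[str]  # verified signer at approval time, if any


class AppFirewall:
    """Hypothetical per-application outbound rule table keyed on path + hash."""

    def __init__(self, trust_signed_updates: bool = False):
        self.trust_signed_updates = trust_signed_updates
        self.rules: Dict[str, Rule] = {}

    def approve(self, path: str, image: bytes, publisher: Optional[str] = None) -> None:
        # Called when the user answers "allow" to an "ask to connect" prompt.
        self.rules[path.lower()] = Rule(sha256_hex(image), publisher)

    def decide(self, path: str, image: bytes,
               verified_publisher: Optional[str] = None) -> str:
        rule = self.rules.get(path.lower())
        if rule is None:
            return "ask"      # never seen this program
        if rule.sha256 == sha256_hex(image):
            return "allow"    # exactly the binary that was approved
        # Same name, different bytes: an update or an impostor.
        if (self.trust_signed_updates and verified_publisher is not None
                and verified_publisher == rule.publisher):
            return "allow"    # proposed mode: same verified signer, no prompt
        return "ask"          # default: the changed hash forces a new prompt


# Constructed sample data.
PATH = r"C:\Program Files\Opera\opera.exe"
V1, V2, FAKE = b"browser build 1", b"browser build 2", b"not the browser"
VENDOR = "Example Browser Vendor"

strict = AppFirewall()
strict.approve(PATH, V1)
signed_mode = AppFirewall(trust_signed_updates=True)
signed_mode.approve(PATH, V1, publisher=VENDOR)
```

In the default mode both the legitimate update and a renamed impostor get a new prompt. In the proposed mode only a binary whose verified signer matches the one seen at approval time skips it.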