Microsoft and Chronicle’s VirusTotal have teamed up to better detect signed signed MSI files that have been modified to include malicious Java archives. Microsoft updated their Sigcheck tool to indicate if a signed MSI file has been tampered with. This new detection can be found in Sigcheck 2.70 and is being used by VirusTotal to detect modified signed signed files when they are uploaded to their service. Microsoft has not decided to fix this issue in the current versions of Windows 10 and Java Java SE.
Source: https://www.bleepingcomputer.com/news/security/microsoft-and-virustotal-team-up-to-detect-malicious-signed-msi-files/