All AV ignores files which are concatenated to an MS-signed file? Huh, presumably you mean only on Windows, but really? No AV treats .jar files concatenated with signed MSI as suspicious -- how did that situation arise?? It's a strange heuristic.

Isn't it like having a special 'I know my bag smells like drugs to sniffer dogs but I promise I don't have drugs' channel at airport arrivals; and when people go down that channel you don't bother to check their bags.

Yes, kind of like that. That’s basically the point of digital signatures (when they don’t have a bug to bypass them, like in this case).

They don’t treat concatenated malicious files as safe, they trust that files signed by MS are safe. You aren’t supposed to be able to concatenate a file and still have the signature check out. That’s the bug.

If you want a good reason why, ask McAfee about the time that they incorrectly detected svchost.exe as a virus and made every customer’s windows machine around the world unbootable.

Don’t we have that? I don’t think TSA pre-check goes through the sniffers. Not sure what benefits that gives on arrival. I know there’s an express lane on the US/Canada border though.