Your case is different from the other threads and has nothing to do with "downloads". You have enabled the "Verify Code-Signed Install at Startup" option. That means you instruct the installer to let Windows check the code-signature of your setup. But Windows reports that the signature of your file is invalid (signature broken -or- can't be verified, etc.).

From the Microsoft site: "When signing an executable file that is larger than approximately 300 megabytes for use on a computer running Windows XP with Service Pack 2 (SP2) and later [...]. Depending on the available system resources of the computer on which the file is verified, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225."

There is still a MS code-sign limitation even on Windows 10 and Server 2016 machines, but it's not documented (depends on the Windows patch level, system resources, and more). Check manually if the code-signature on file #4 is valid. If this is the case, then it's not caused by the code-signing process (signtool.exe) but by the verification side. Please note, this is not related to SetupBuilder. It's a Microsoft Authenticode thing (sometimes signtool.exe related, sometimes PE Header related, sometimes Windows system resource related)!

Side note: From time to time, Windows needs a root certificate update (it's done automatically) to check for revoked certificates. If a machine has an "outdated" root certificate (e.g. user kills the Update service or computer not Internet connected for some time) then Windows might return a "certificate not valid" status.

Some interesting threads: