> Sometimes, when I install software from a publisher's code-signed .MSI
> file onto my Win10 box, the elevation prompt says "Windows Installer"
> and that the publisher is Microsoft.
> But the actual .MSI is signed by the publisher. (in this case, it's
> Evernote and signed with sha1)
> Why doesn't the elevation prompt show the vendor as the publisher?

this is a good question. As far as I know, the original digital signature
is removed from the .msi when doing an elevated installation. From the
technical point-of-view, a .msi package gets modified when it is launched
with administrator execution level privileges (the "AdminProperties" stream