Because AV stuff seems to be so much smoke and mirrors (and marketing??).
You can find tons of reports of people complaining about various AVs marking rare games, rare exes, any exes in zips, etc. as viruses or possibly dangerous. They also assign idiotic labels like rootkit, worm, trojan, etc. despite these having proper definitions.
Another thing is that almost no one who hasn't taken a statistics, medical testing or similar-ish class (or got told by someone who did or ran the numbers themselves) understands the implication of even very small false positive ratios if what you're looking for is very rare. E.g. if an AV has a 0.1% false positive ratio and 100% real positive (meaning that if it sees a virus - it always catches it) it's still quite bad because of how rare viruses are. With those ratios, if you scan 5000 good files and 1 virus you will get 6 hits - more noise than signal. For context - I've never seen a virus out in the wild (although I'm not a regular computer user) but on my machine I have a bit over 8200 exes and 40 000 dlls right now.
UPX compressed files are also common false positives, as is UPX itself. Same with AHK (base exe is fine, any compiled script - even an empty one which is what I tried - can be marked unsafe or trojan, and compressed with UPX it gets different labels from different AVs and some that have caught it before compression now don't catch it but some others now do but didn't before).
I used to run a different AV than I do now and it kept deleting my own compiled exes because they were not widely used (at least they didn't get called a trojan or some other random label and I got a real reason).
I've also tried my Botes program (it's a GUI app in Pascal, not related to SFML) - it's safe when debug info is stripped, otherwise it's a trojan according to 1 AV. Compressed with UPX without debug info - still fine. But explorer.exe from Windows is fine only without UPX, with UPX it gets flagged by one AV too. I've no idea what's the pattern.
Some people's answer to random stuff getting detected falsely (by often paid products no less): stop using UPX (an open source tool with 100% public spec of how it works, what it does, etc.) because it causes trouble.
I also tried Eicar (the test string for AVs), several AVs didn't catch it and the 'community' votes were like 60% safe 40% unsafe (despite all catching AVs saying 'TEST-FILE-SAFE', etc.)...
I tried all dll, lib and exe files from SFML-2.5.0-windows-vc15-32-bit.zip and unless I missed some the only one that is detected as a virus is this example:
https://www.virustotal.com/en/file/a11d0bc18188d1dcdfa7cf75192fe992a71e1d0c1e51ed0248ed876501b11bf6/analysis/1525988276/
Maybe some of the pdb files get detected as viruses because debugging information = scaaary (just like my Botes got flagged if it had debug info included in the exe).
It's really hard to take some AVs seriously between stuff like that, pricing, using Sciter for their candy tablet-like and very out of place in Windows UIs (just look at the products https://sciter.com/ lists as users - almost all are AV or similar).
7z.dll was also recently found to have a hole allowing arbitrary code execution and many AVs (supposedly) use it to scan rar and 7z contents. They can afford pricy Sciter but I wonder how many of those vendors have donated money or bug fixes to 7z if they didn't even bother auditing it for coding errors before running it as part of an AV...
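The false-positive arithmetic from the post above, worked through as an added example that is not part of the original post. It uses the post's own figures (0.1% false positive ratio, 100% detection, 5000 good files plus 1 virus, and a machine with about 8200 exes and 40 000 dlls); the function names and the 50% precision target are assumptions chosen for illustration.

```python
from fractions import Fraction

# Ratios quoted in the post, kept as exact fractions to avoid rounding noise.
FPR = Fraction(1, 1000)   # 0.1% of clean files get flagged
TPR = Fraction(1)         # every real virus is caught


def scan_outcome(clean, infected, fpr, tpr):
    """Expected result of scanning `clean` good files and `infected` bad ones."""
    true_hits = infected * tpr
    false_hits = clean * fpr
    hits = true_hits + false_hits
    # Precision: the share of alerts that point at a real virus.
    precision = true_hits / hits if hits else None
    return {
        "true_hits": true_hits,
        "false_hits": false_hits,
        "hits": hits,
        "precision": precision,
    }


def max_fpr_for_precision(clean, infected, tpr, target):
    """Largest false positive ratio that still yields `target` precision.

    From precision = TP / (TP + FP) >= target it follows that
    FP <= TP * (1 - target) / target, and FP = clean * fpr.
    """
    true_hits = infected * tpr
    return true_hits * (1 - target) / (target * clean)


if __name__ == "__main__":
    post_case = scan_outcome(5000, 1, FPR, TPR)
    print("5000 good + 1 virus:", post_case["hits"], "hits,",
          "precision", post_case["precision"])

    # The poster's machine, assuming none of the files is infected.
    machine = scan_outcome(8200 + 40000, 0, FPR, TPR)
    print("48200 clean files:", float(machine["false_hits"]), "false alarms")

    # Assumed target: at least half of all alerts should be real.
    needed = max_fpr_for_precision(5000, 1, TPR, Fraction(1, 2))
    print("FPR needed for 50% precision:", float(needed))
```

With the post's ratios only one alert in six is real, and the false positive ratio would have to drop to 0.02% before half the alerts on that file mix were genuine.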