Why is Spectrum runme.exe reported as infected?

Document ID : KB000111052
Last Modified Date : 14/08/2018
Introduction:
When we start the update on Windows from 10.2.2 to 10.2.3 with GEN500000000001220.exe, we get a virus alert.
The checksum is OK, so it is the original file. When we run it, it is unpacked and one of the files is runme.exe.

Alleged Virus information.
https://www.virustotal.com/#/file/9fcb2a6d869efbd24826dc545bad62b09d69ae1a6072a3504c63202ef81e9b78/detection
34 engines detected this file
 
Question:
Is the file runme.exe which is extracted from GEN500000000001220.exe a threat?

 
Answer:
I have discussed this issue with the Cybersecurity team and it was found that since runme.exe is, in turn, calling setupnt.exe, the file is being listed as a threat.
This file just changes the directory and calls setupnt.exe, so it is completely harmless.

cd 10.02.03.00
./setupnt.exe

This issue can be resolved as follows:
1. Remove runme.exe from the process and ask customers to install directly from setupnt.exe/setuplin.exe/setupsol.exe
or
2. Whitelist runme.exe on the customer's side:
If the Windows/Linux executables are downloaded with the correct checksums provided by us, then this file (runme.exe) should be treated as safe.
Customers should add runme.exe to the whitelist and then run the virus scans.
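
The checksum condition in option 2 can be enforced before anything is whitelisted. The following is an added example, not code from the vendor or this KB article: it assumes the published checksum is a SHA-256 hex digest (the article does not name the algorithm), and the function names are hypothetical. It returns the hash of the extracted file, so the whitelist entry can be tied to that exact file and not to the name runme.exe.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_digest(published):
    """Accept 'HASH' or 'HASH  filename' (sha256sum style), any letter case."""
    tokens = published.split()
    token = tokens[0].lower() if tokens else ""
    if len(token) != 64 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("published value is not a SHA-256 hex digest")
    return token


def allowlist_hash(installer_path, published_checksum, extracted_path):
    """Return the extracted file's SHA-256 for the allowlist entry, or None
    when the installer does not match the published checksum."""
    expected = normalize_digest(published_checksum)
    if not hmac.compare_digest(sha256_file(installer_path), expected):
        return None  # wrong or altered download: do not allowlist anything
    return sha256_file(extracted_path)


if __name__ == "__main__":
    # Constructed stand-ins for the installer and the extracted runme.exe.
    workdir = tempfile.mkdtemp()
    installer = os.path.join(workdir, "installer.bin")
    extracted = os.path.join(workdir, "runme.bin")
    with open(installer, "wb") as f:
        f.write(b"constructed installer bytes")
    with open(extracted, "wb") as f:
        f.write(b"constructed extracted bytes")
    published = sha256_file(installer).upper() + "  installer.bin"  # assumed format
    print("allowlist by hash:", allowlist_hash(installer, published, extracted))
    print("bad checksum     :", allowlist_hash(installer, "0" * 64, extracted))
```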