Why is Spectrum runme.exe reported as infected?

Document ID : KB000111052
Last Modified Date : 14/08/2018
Show Technical Document Details
When we start the update on Windows from 10.2.2 to 10.2.3 with GEN500000000001220.exe we have a virus alert.
Checksum is OK so it is the original file. When we run it, it is unpacked and one of the files is runme.exe

Alleged Virus information.
34 engines detected this file
Is the file runme.exe which is extracted from GEN500000000001220.exe a threat?

I have discussed this issue with the Cybersecurity team and it was found that since runme.exe is, in turn, calling setupnt.exe, the file is being listed as a threat.
This file just changes the directory and calls the setupnt.exe, so is completely harmless.

cd ./setupnt.exe

This issue can be resolved as follows:
1. Remove the concept of runme.exe and ask the customers to directly install from setupnt.exe/setuplin.exe/setupsol.exe
2. Whitelisting the runme.exe from customer’s side:
If the Windows/Linux executables are downloaded with correct checksum’s provided by us then this file(runme.exe) should be treated as a safe one.
Customers should add the runme.exe in the whitelist and then run the virus scans.