umo windows build is flagged as malware/trojan

Ronik did a nice summary:

The umo tool is written in the Python programming language. This has one large downside - there isn't really a fool-proof way to distribute Python apps without having the Python interpreter installed on your computer as a requirement.

As we have seen that people who aren't Linux users (where Python usually comes preinstalled with your distro) or programmers tend to struggle with using Python scripts (like Groundcoverify), we wanted to distribute the app in a way that wouldn't require you to install it. The initial builds have used a tool named pyinstaller (which bundles the umo modules, Python and its dependencies in a single package), but later we have swiched to a compiler named nuitka that, roughly speaking, compiles it as a C++ program, in hopes that it wouldn't trigger as many false positive virus detections.

Unfortunately, it has only helped to a point. There happens to be a lot of viruses written in Python that use pyinstaller/nuitka to create an executable file for the distribution, so apps like this tend to trigger the antivirus detection. This is well documented (try googling "pyinstaller false positive", or check this article), and the only real way to mitigate this is to regularly request Microsoft and other AV companies to scan the file through their false positive report forms. We are already doing that with Microsoft, and will probably have to start doing with other AVs, but with every new release we'll have to go through the process again, just to be safe.

We'll continue to explore different options to mitigate the false positive issue, but unless we just go back to requiring the Python interpreter as a hard requirement, it's unfortunately likely to remain there in some form. The tool is open-source, so anyone can check the code, including the build pipeline, to find out that the tool doesn't do anything harmful.