My guess is that it's due to the many low-level things going on in S+. To start, it installs its own, not registered with a legit CA, certificate. In addition, it installs both a low-level mouse and keyboard hook which is a very suspicious thing for normal programs to do.
There's no virus in the EXE at the time it was packaged and uploaded to the website. As a registered user of Trend, you can submit an evaluation for them to perform an analysis and reclassification.
I just uploaded all four of the latest release EXEs (re-downloaded from this site) to VirSCAN.org and it reported nothing found, including passing it through Trend Micro.
As I said, my guess is it's thinking S+ is doing shady things since it installs many low-level hooks; but that's just the nature of what S+ needs in order to work properly. You're free to handle the situation as you see fit, but you may need to add it to an exception list or something. |