WACUP & False Positive Detections

False positive detections of the WACUP installer, either of the installer itself, of the files it uses during installation, or of the files it installs, have been an issue ever since the first WACUP beta build & sadly are unlikely to change anytime soon.

The main reason for this is that, depending on the anti-virus / malware protection software &/or service being used, a file often needs an established trust (reputation) rating before you are allowed to download & run it, but ironically it cannot gain that rating until it has been downloaded, run & marked as being ok. Can you see the issue here?

Additionally a lot of the scanning that is done can & will flag legitimate code as untrustworthy, which either stops the program from being allowed to run or causes specific files to be removed (quarantined). Removing a file may just lose some functionality, or it may cause a crash (if it's an always required component).

The general fix for a false positive is to white-list (exclude) the installer or the affected file(s) in the relevant anti-virus / malware protection software &/or service, but that exclusion often doesn't carry over to newer builds, which get incorrectly flagged again, & so the cycle keeps repeating.


What can you do?

The simple answer is: if you trust the WACUP software then install & use it, & if you also believe it is being incorrectly flagged then allow it to run &/or report it to the vendor as a false positive. You can also contact me with details of the anti-virus / malware protection software &/or service so I can then report it as needed.

Other options include looking at online scan results of the installer or its files, such as via VirusTotal or Hybrid Analysis, & seeing how many engines report it as an issue along with the type & severity of the reported issue.

However results from the likes of VirusTotal should always be taken as a guide: if only a few lesser known engines show it as being an issue (especially if the detection name is generic, i.e. a heuristic or machine-learning score rather than a named malware family) then the risk from the installer can be assumed to be reasonably low (which is the view that should be applied to downloading anything online).

Typically the WACUP installer has false reports against it from Bkav Pro & Trapmine on the VirusTotal report despite numerous attempts on my part to get them cleared over the past few years. If anyone can provide me a reliable way to report & resolve these then I'd much appreciate it, as none of the details I've found online have worked :(
SecureAge APEX also commonly appears but they have a reasonable way of reporting & resolving false positives (even if I need to submit it for every build nowadays).
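Reading a VirusTotal result the way the last few paragraphs describe can be reduced to a small script. The following is an added example for this page, not WACUP's own tooling: it takes a report laid out like the `last_analysis_results` object of the VirusTotal v3 file API (engine name -> category & result string), ignores engines that could not scan the file, splits generic / heuristic detection names from named malware families, lists the engines doing the flagging, & applies a chosen 5% threshold. Everything in it is an assumption of the example: the sample report is constructed (the three flagging engines are the ones named above but their detection strings, the `Sandbox A/B` entries & the `undetected_NN` engines are made up), the word list in GENERIC_NAME is this example's own heuristic, & the 5% threshold is not a VirusTotal setting.

```python
"""Triage a VirusTotal-style report the way the page suggests: count the
detections, split generic / heuristic names from named malware families,
and list which engines are flagging the file.

Added example, not WACUP's own code.  SAMPLE_RESULTS is a constructed
report shaped like VirusTotal v3 `last_analysis_results`; its detection
strings and `undetected_NN` engine names are made up for the example.
"""
import hashlib
import re

# Detection names that describe a heuristic / ML / reputation score rather
# than a specific malware family.  Word list chosen for this example; tune
# it for the engines you actually see.
GENERIC_NAME = re.compile(
    r"generic|heur|suspic|\bml\b|\.ml\.|score|aidetect|unsafe|^malicious$",
    re.IGNORECASE,
)

# Categories that mean the engine did not actually give a verdict.
NOT_SCANNED = {"type-unsupported", "timeout", "failure"}
FLAGGED = {"malicious", "suspicious"}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file bytes; VirusTotal keys its reports on this."""
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_hex(f.read())


def vt_gui_url(sha256: str) -> str:
    """Public report page for a hash (no upload or API key needed)."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def is_generic(name: str) -> bool:
    return bool(GENERIC_NAME.search(name or ""))


def triage(results: dict) -> dict:
    """Count verdicts, skipping engines that never scanned the file."""
    scanned = 0
    generic, specific = [], []
    for engine, entry in sorted(results.items()):
        if entry.get("category") in NOT_SCANNED:
            continue
        scanned += 1
        if entry.get("category") in FLAGGED:
            name = entry.get("result") or ""
            (generic if is_generic(name) else specific).append((engine, name))
    detections = len(generic) + len(specific)
    return {
        "scanned": scanned,
        "detections": detections,
        "ratio": detections / scanned if scanned else 0.0,
        "generic": generic,
        "specific": specific,
    }


def verdict(summary: dict, max_ratio: float = 0.05) -> str:
    """The page's rule of thumb: a named family from any engine deserves a
    closer look; a handful of generic hits from a small minority of engines
    is the "reasonably low risk" case.  max_ratio is this example's choice."""
    if summary["detections"] == 0:
        return "clean"
    if summary["specific"]:
        return "investigate: named family reported"
    if summary["ratio"] <= max_ratio:
        return "likely false positive: few generic hits"
    return "investigate: many engines flag it"


# Constructed sample: the three engines the page names flag the file with
# generic-looking names, 60 made-up engines see nothing, two could not scan.
SAMPLE_RESULTS = {
    "Bkav Pro": {"category": "malicious", "result": "W32.AIDetectMalware"},
    "Trapmine": {"category": "malicious", "result": "malicious.moderate.ml.score"},
    "SecureAge": {"category": "malicious", "result": "Malicious"},
    "Sandbox A": {"category": "type-unsupported", "result": None},
    "Sandbox B": {"category": "timeout", "result": None},
}
SAMPLE_RESULTS.update(
    {f"undetected_{i:02d}": {"category": "undetected", "result": None} for i in range(60)}
)

if __name__ == "__main__":
    s = triage(SAMPLE_RESULTS)
    print(f"{s['detections']}/{s['scanned']} engines flag it ({s['ratio']:.1%})")
    for engine, name in s["generic"] + s["specific"]:
        print(f"  {engine}: {name}")
    print("verdict:", verdict(s))
    # Hash the download you actually have & look that exact file up.
    print("report page:", vt_gui_url(sha256_hex(b"stand-in for the installer bytes")))
```

Hashing the installer you downloaded & looking it up by SHA-256 checks the exact file on your disk rather than whatever copy was last uploaded, & avoids submitting it again. The engine list the script prints is the part to read by eye: three generic hits from engines you have never heard of is the situation described above, while a named family from a mainstream engine is a reason to stop & look further.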

With Hybrid Analysis it may show a 3-6% detection rate, which often depends on what other services were running at the time of the scan, along with a generic reason for the detection. However this service, which also runs the installer in its sandbox, will always report it as being "malicious" if it has any detection results at all (which, as noted above, is an issue I've not been able to resolve so far because of the constant false positive detections). Additionally the main aspect of the WACUP installer that causes problems with Hybrid Analysis is the supporting DirectX installer, which is run when Milkdrop is being installed to ensure that everything it needs to run is present.


What can I do?

There's not too much to be honest, & trying to circumvent things would only make the issue worse :(

Some aspects of how WACUP currently works can trigger anti-virus / malware protection software: WACUP uses methods that are allowed under Windows to hook & patch out aspects of the Winamp core (API hooking & in-memory code patching), but those same methods are also seen in nefarious software, so heuristic engines treat them as suspicious.

Having WACUP transition away from using the Winamp core might alleviate some of the issues, as that style of handling will no longer be needed, but that is still a while away (with an aim for the end of 2022).

It has also been suggested that digitally signing (Authenticode) the installer & at least the core loader (& maybe also the dlls) that WACUP installs may help, but that hasn't been attempted yet, nor is it guaranteed to make a difference going by comments from other software developers: a signature mainly helps reputation-based checks such as SmartScreen & doesn't stop heuristic / machine-learning engines from flagging the code itself. (This has been hindered mostly by concerns about providing a load of personal information to an effectively unknown company to confirm I am who I say I am.)

The final obvious option is to use something other than NSIS as the installer. This isn't really something I want to do as I'm otherwise happy using NSIS, & it's not like I can do much about those who use it for nefarious means, which can equally be done with other installer technologies.