Security software often flags Universal Extractor as malicious. But don't worry, UniExtract 2 is safe - if you downloaded it from the official source (https://github.com/Bioruebe/UniExtract2).
UniExtract is not malware, a virus or anything alike. As it is open source software, everyone can look at the source code and find out what the software does. If there is something malicious inside, the community will find and report it.
What's worse - saying a harmless tool is malicious or letting a virus slip through? Security software wants to protect you - if this decision leads to some false alarms, that's a trade-off they can live with.
Big companies can put pressure on the developers of anti-malware software, but free and open source programs have a hard time doing so. We have to live with the so called false positives.
Universal Extractor can unpack a lot of different file types. To do this, it bundles many extractors. If only one of them is detected as malware, the whole UniExtract package itself is as well. Even worse, as new extractors are added with an update the probability increases.
Most developers of security software provide a way of reporting misdetections, so they can be fixed. However, it's different for each vendor and sometimes involves a lengthy and inconvenient procedure. Even worse, sending the so called false positive reports usually has to be repeated for every new version of UniExtract.
As this is mainly a hobby project, my time is quite limited and, to be honest, I prefer actually developing the software instead of bothering with this. I try to get UniExtract whitelisted on the most common anti-malware software, but making it work on all existing security suites is just not possible for me. That's the reason why you'll usually see between 1 and 10 engines flagging it when submitting it to services such as VirusTotal.
What does malware often do? - It downloads malicious files.
What does an updater do? - It downloads files.
It's hard to decide whether a program that downloads something is safe or not. Now guess what virus scanners do... Exactly.
AutoIt is rarely used to write software that's distributed to other people, however in the past it has been used to write malware. Many companies choose the lazy way for their security software: AutoIt = bad. This hits a legit software like UniExtract very hard.
Most anti-malware developers have some way of reporting misdetections, so they can be fixed. In case your security software detects Universal Extract as malicious, it would be a great help, if you could send such a false positive report to the company. How this works is different for every program, so please refer to the software's support pages. Thank you!
In most anti-malware products you can exclude specific folders from the scan. Set UniExtract's program directory as an exception and you should be good to go.
If you often encounter false positives, it might be a solution to switch to a better security software.