[mpettitt]

I suspect it may relate to the way it accesses other executable file directories - it scans for the RCT2 data files, which are in another executables folder structure, so rather than just sticking to the install folder and the shared documents area, it's looking at other files, which could reasonably trigger a virus scanner looking for "weird" behaviour.

[codeflo]

Virus scanner false positives are slowly becoming my personal hell. From my experience, they aren’t even remotely anything as sophisticated as you suggest, but the fact that people believe that antivirus software can actually do this kind of analysis helps the vendors sell their snake oil. If they would be triggered by any actual behavior, changing random compiler flags wouldn’t usually remove the false positive. But you have to do that kind of tinkering, or users will be scared.