This is probably a false positive (the Wacatac one esp. comes up a lot) and there is nothing I can do about these.
I have started posting hashcodes for all zip downloads at the bottom of the devlog release announcement posts. If you run certutil on the downloaded zip, eg:
cvertutil -hashfile blah.zip SHA256
...and it comes up with the same SHA256 number, then the file you have received is at least the file I sent, meaning at least it hasn't been interferred with en-route. Past that, it's purely up to you whether you trust that I sent a 'clean' file in the first place or not.
You can also send the file to 'Virus Total' online but that does sometimes come back with a few false positives too - esp. through the 'AI' virus checkers. Bye, Mark