I don't know if using NSIS would be any better. I guess I you could try it, but generally the most of the positive virus reports are basically "Susgen" i.e Suspicious Generator, i.e the EXE is not signed, and as I've previously explained multiple times; it is not practical for me to sign the exe because of the cost and also the legal obligations around owning a signing certificate and using it.
There is nothing to stop anyone taking the EXE of the installer or the EXE of the CPS and repackaging it and signing it themselves, if they pay for a signing certificate, but obviously thats not going to happen either.
i.e just take the installed files and run them through NSIS and see if that exe still gets flagged.
In one of my previous day jobs, I developed exe's which my employer distrubuted, and they had to jump through hoops to sign the EXE, including a dedicated PC used to sign the exe, which required 2 factor authentication as part of the signing process.
This is totally unworkable for a project done by a few people who get $0 for doing it.
It would not be practical to port the CPS to linux as it extensively use .NET and third party libraries outside of our control, and its also not OpenSource because we didn't write it. It was written by Radioddity and we just decompiled and modified their CPS
Edit.
I just got NSIS to generate an installer exe from the zip file and uploaded it to VirusTotal and it gets a whole load of new virus warnings
https://www.virustotal.com/gui/file/ce0 ... ?nocache=1
Uploading the zip uses to create the NSIS installer gives less warnings, i.e. which suggests that NSIS is injecting viruses
https://www.virustotal.com/gui/file-ana ... k1MTQwOA==
Uploading the exe on its own gives this report
https://www.virustotal.com/gui/file/648 ... 1196a71250
Basically this just means its an unsigned exe