Checking in that we had a few of our users noticing this problem. And by noticing, I say that they were blaming us for distributing a virus.
We all agree here that it's nothing that NSIS has done wrong and is simply security software developers not checking the differences between NSIS running and the offending software. However, this causes problems because users have no concept of this. What we're asking users is to say that the program that protects them from the cyber-baddies is incorrect. While we certainly aren't trying to infect people with bad stuff, I don't see how they would trust us saying that.
So how do we fix this problem? Should we have a generic NSIS installer setup for security software manufacturers to check against? An installer where it compiles all the elements of NSIS but is already known as a safe program. Then security manufacturers can check against the known clean NSIS and see if the signature they are detecting is a false-positive.
This has been the third time this calendar year that something like this has come across our studio, so I'd like to start ways to make sure these false-positives don't happen.