About the malicious tag, it’s probably a false positive from Microsoft. There’s something called a code signing certificate that most indie applications don’t have because it’s expensive (often over a hundred dollars), and sometimes Windows flags those as “malicious.”
