Some anti-virus hits alarms in the wallets because it making extraction of files in %appdata% folder and this extractions AV reading them as thread but isn't. The threads is the Trojan horses or malicious codes and if someone hacker want really to hide them its very difficult to find it.
The results:
Avast FileRepMalware [PUP] 20171105 (thats is normal)
AVG FileRepMalware [PUP] 20171105 (thats is normal)
Endgame malicious (high confidence) 20171024 (thats is strange but i don't know why give this result)
ESET-NOD32 a variant of Win32/BitCoinMiner.BJ potentially unsafe 20171105 (thats is normal)
Sophos AV Bitcoin Miner (PUA) (thats is normal)
Regards