ELI5: Why do antiviruses flag illicit software as viruses even if there are none?


5 Answers

Anonymous 0 Comments

Modern antiviruses and security tools use signature-based detectors and TTP-based detectors (tactics, techniques, and procedures, or the HOW of how attackers breach a system). If a signature (think of a program's name) matches a bad signature or looks like a signature that follows a “bad code” pattern, it will get flagged. Since a computer doesn’t know that you, in fact, want this file to change something on purpose, it will usually quarantine it or remove it automatically. Better safe than sorry, they say.
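A toy scanner illustrating the answer above, added here as an example and not part of the original post or any real antivirus product. The signature names, byte patterns and sample files are all constructed for illustration; it shows how a pattern rule flags a file for what its bytes look like, with no knowledge of what the user intends.

```python
import hashlib

# Constructed signature database for illustration; not real vendor signatures.
# Exact signatures: hashes of files already known to be bad.
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed known-bad sample").hexdigest()}

# Pattern signatures: a rule fires when every byte string in it appears in the
# file. This rule stands for "code that modifies another running program".
PATTERN_RULES = {
    "Generic.ProcessPatcher": [b"OpenProcess", b"WriteProcessMemory"],
}


def scan(data: bytes) -> list[str]:
    """Return the names of all signatures that match the file contents."""
    hits = []
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES:
        hits.append("Exact.KnownBadHash")
    for name, patterns in PATTERN_RULES.items():
        if all(p in data for p in patterns):
            hits.append(name)
    return hits


def verdict(data: bytes) -> str:
    """Quarantine on any hit: the scanner sees bytes, not the user's intent."""
    return "quarantine" if scan(data) else "allow"


# Constructed sample files (byte strings standing in for real executables).
SAMPLES = {
    "known_bad.exe": b"constructed known-bad sample",
    # Contains no malicious payload, but it edits another program on purpose,
    # so it carries the same byte patterns the rule looks for.
    "tool_that_patches_another_program.exe":
        b"MZ..OpenProcess..WriteProcessMemory..apply_patch",
    "text_editor.exe": b"MZ..CreateFileW..ReadFile..WriteFile",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:40} {verdict(data):10} {scan(data)}")
```

The patching tool is quarantined by the pattern rule even though its hash is not in the known-bad list, which is the false positive the answer describes.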
