yes should be AV.
Of course I can assure that thinBasic and thinBundle in particular has not any threats inside but it uses some techniques that can be considered a threat from an AV point of view.

If you can switch off your AV for a while and test again and tell me.

Also I've created a little modification in thinBundle and released a new thinBasic version for you to test and see if it makes any difference:

Last: if you have some log from your AV and can attach here, I will directly contact McAfee.
It happened many times in the past that AV detected something strange in some thinBasic modules, I contacted AV producer and most of them reacted very nicely after some days.