Can you please send us the zip file from the 'Collect Diagnostics' button on the general tab? Also, if you can get the PatchMyPC-ScriptRunner.log from a client that tries to run that install, that would be good too.
What is the specific file that is triggering this?
I suspect this is PatchMyPC-ScriptRunner.exe. This file is updated somewhat regularly and because of this Symantec will trigger on it occasionally. Note the 'Current Reputation' and 'Historical Reputation' that 'There is some evidence that this file is trustworthy'
When we first update this binary we see the occasional customer who will have this flagged. As more customers update and Symantec is aware of the file the alerts stop based n their updated definitions.
For more context, ScriptRunner is our wrapper for doing installations and does have bits of code that can do a lot of tasks as system and can be a trigger to AV. This includes user impersonation and querying various bits of system information.
Are you possibly able to trust a signing certificate?
We do not officially support using this for other purposes, but you are more than welcome to interpret the package.xml files and attempt to use them for your own purposes assuming you have a PMPC licence.