I'd imagine that if it's flagged as malware, this is correct procedure; you don't want to let users accidentally side-load malware either (too many real-world examples of people falling for "Go to this dialog, click this option, NOW click the link and it should work" attacks).