I took a brief glance at the file and I can definitely understand why some AV is thinking it is suspicious -- embedded in the middle of the installer .exe is what appears to be another .exe which has been obfuscated by XOR'ing each byte with the value 7 (suspicious point 1)[1]; I tried extracting and unobfuscating it but it seems not the whole file is actually obfuscated, although from what I could see of the header it's been packed with UPX (suspicious point 2). I didn't go deep enough to figure out where the XOR'ing obfuscation actually ends, so I couldn't unpack that one and explore further, but this would be enough for me to think it's trying to hide something.
Like you stated, it really looks like it's been packed, but I can't state it's UPX or something else. Many
EXE packers do this, and although it isn't harmful at all, it does triggers some anti-virus (false positive).
They work by compressing and/or obfuscating the original EXE and then injecting an on-the-fly decompressor on the resulting EXE. When the resulting EXE is run, the runtime decompressor loads first and then takes care of decompressing and loading the original code. As you can see, injecting lots of executable code in memory at runtime looks a lot like virus activity - and the code to do that is the same as many virii, but in this case it is legitimate and harmless.
In the past days of dial-up internet, when bandwidth was limited, HDDs where very expensive, and floppy disks were popular, I used UPX and ASPack a lot to distribute software I wrote. The intention was just to make the EXE smaller. Nowadays it's also used to protect IP and prevent debugging, cracking and reverse engineering. I am sure that is the case. I'd rather give Rigol the benefit of the doubt and ask them directly if this is a false positive triggered by a runtime packer. If my suspicion if confirmed, it'd smart of them to have a note on their site that some of their files do trigger some anti-virus because of runtime packers that are used to protect their IP.