We automatically blacklist nodes that send invalid blocks or transactions, or send too much data, or do similar violations of our network protocol. Centralized node blacklisting is not better than centralized blacklisting of transactions, no way we can do that.
Indeed, mining software commonly triggers false positives, because there are viruses that actually mine coins on the victims computers, and some fingerprint of the mining code gets listed in the antivirus databases. So at least the miners community is familiar with the problem. About the general public, maybe Avast and the others can be asked to whitelist NRS and the outgoing requests it makes. No idea what their policy is about that, especially for an open source software with no company behind it.