Keyloggers in themselves can be there for a legitimate purpose, e.g. someone installed them to keep an eye on activity, or malicious use if installed without consent. There is the problem how doe an AV determine intent, like many tools they can be used for good or evil.