Cursor blocked by Microsoft Defender because of its vulnerabilities

enu · October 30, 2025, 9:29am

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Two days ago Cursor stopped to work in our domain. It came out that the whole cursor com domain is blocked by Microsoft Defender because of malware threat

The reason probably is the following report from 21/10/2025 showing that Cursor is a fork of a vulnerable version of VSCode.

Forked and Forgotten: 94 Vulnerabilities in Cursor and Windsurf Put 1.8M Developers at Risk (https://www.ox.security/blog/94-Vulnerabilities-in-Cursor-and-Windsurf-Put-1-8M-Developers-at-Risk/)

Steps to Reproduce

Try to log in in Cursor or open cursor com web site in a browser (desktop/phone) in a domain protected be Microsoft Defender

Expected Behavior

Being able to log in or see cursor front page

Screenshots / Screen Recordings

Operating System

Windows 10/11
MacOS
Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.54 (Universal)
VSCode Version: 1.99.3
Commit: 5c17eb2968a37f66bc6662f48d6356a100b67be0
Date: 2025-10-21T19:07:38.476Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 25.0.0

Does this stop you from using Cursor

Yes - Cursor is unusable

condor · October 30, 2025, 5:28pm

hi @enu and thank you for the detailed report. We have forwarded the information to the team for review.

danperks · October 31, 2025, 11:19am

Hey, thanks for the report here!

Especially in Enterprise environments, IT admins can choose what rules are enforced by Windows Defender. As I have not seen a high volume of reports from other users, this is likely a consequence of one of those rules!

The best course of action would be to:

Hit the Let Us Know button as shown in your screenshot, to submit a report to your IT team / Microsoft telling them the site is safe
If you are authorized to work with Cursor, report direct to your IT team that this is safe and needed for your work - they should be able to diagose and fix this easily
In the meantime, use the Continue to site button to bypass the warning, knowing that our official cursor.com domain is safe to use!

Thanks for your report, and do let us know how you get on with this!

Topic		Replies	Views
Why does Cursor stil try to phone home to Microsoft servers? Bug Reports	4	93	October 1, 2025
Cursor has disappeared from my system Bug Reports	5	112	October 29, 2025
Update blocked by Windows Defender Bug Reports	3	64	October 24, 2025
Visual Studio Code extension plugin for Cursor Feature Requests	1	770	September 13, 2024
Norton thinks Cursor operations and files are virus Bug Reports	6	93	September 21, 2025