than is creating a file CursorSetup-x64-2.5.17.exe created fileCursorSetup-x64-2.5.17.tmp the file is unsigned we cant constanly try to whitelist via hash cause its goign to change again we have plenty of applications but cursor the first we face issue on update or instalation how can we allow it in some manner
Hey, thanks for the report. This is a known issue. The Cursor installer (based on Inno Setup) creates a temporary .tmp file during install that isn’t code-signed, so Windows Defender or SmartScreen can flag it in a corporate environment.
A few workaround options, depending on your setup:
Publisher-based allow rule instead of a hash
If you’re using Windows Defender Application Control (WDAC) or AppLocker, create a rule based on the publisher or certificate of the main CursorSetup-x64-2.5.17.exe file (signed by Anysphere). That way you won’t need to update hashes on every release.
Path-based exclusion
Add an exclusion for the temp folder where the .tmp file is created (usually %TEMP% or the folder you run the installer from). This is less secure, but it avoids having to constantly add new items to the allowlist.
Defender ASR rule exclusion
If an Attack Surface Reduction rule is blocking it, you can add an exclusion for that specific rule and point it to the Cursor installer path.
Can you share which Defender policy is blocking the install, WDAC, ASR rules, or standard Defender Antivirus real-time protection? That’ll help pick the best option.