Cursor installer and updater are generating files in temp directory which are blocked by smartscreen. Normally, we’re able to unblock, but are unable to do now as new files are generated each time. This is new, it worked ok previously up to ± last week.
Steps to Reproduce
Enable smartscreen and attack surface detection rules, try to install cursor.
Expected Behavior
Cursor should not create temp files in the user’s directory, and not clean them up every time.
Hey, thanks for the report. This looks like a Windows Defender SmartScreen issue that has recently affected some users. Temp files created during installation or updates can trigger the security filters.
What to try:
Temporarily disable SmartScreen during installation: Windows Security > App & browser control > Reputation-based protection settings > turn off “Check apps and files”
Add an exclusion for the Cursor installation folder and the temp folder in Windows Defender
Disabling SmartScreen temporarily during installation is not feasible in corporate settings. Adding an exclusion for the Cursor temp folder is also inadvisable due to security risks.
This is a Cursor issue, not a Windows Defender problem, as the temp file, an unsigned PE executed by the installer, triggers the block (as it should).
@deanrie@condor
SIncere applogies for looping you guys in here but just feeling helpless as mostly there are crickets in all bug reports related to the issues. Sad to see lots of support tickets are getting closed without any help due to days of inactivity.
Hope one of you could help.
cheers
Thanks for the follow-up @Nikunj_Sanghadia and apologies for the delay.
@Rune is correct - this is a legitimate issue with how the installer generates unsigned temp files. The workarounds aren’t suitable for corporate environments with managed security policies.
I’m escalating this to the engineering team as it requires either signing the temp executables or changing the installer architecture. This affects enterprise users who can’t disable security controls.
I’ll update this thread once I have more information from the team. Thanks for your patience.
@deanrie thanks for the acknowledgement. Just got an email from Cursor informing of the new Cursor version 2.0 update and was hopeful that the issue might have been resolved, only to be disappointed that it’s not yet. It sort of frustrates as well because we are all stuck on the old version despite paying the subscription price.
Hopefully the issue has been raised with the respective team and will soon be resolved.
Also, signing does not always solve the issue. We use attack surface reduction rules, which warn for newly created files on execution and some others.
Users can unblock these after reviewing as it’s only a warning, but the installer generates a new file when it’s run again, which requires a new unblock action. Creating an loop.
