I already posted on GitHub and now I’m posting here again.
Update: After reinstalling, it still happens.
was using it normally when Cursor repeatedly closed, and Kaspersky flagged it as a trojan before deleting it… There was an update today, but I don’t remember if there was another one recently.
Event: Malicious object detected
Application: Cursor
User: XXXXXX
User type: Initiator
Component: System Watcher
Result description: Detected
Type: Trojan horse
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: C:\Users\xxxx\AppData\Local\Programs\cursor
Object name: Cursor.exe
Reason: Behavioral analysis
Database release date: Today, 09/29/2025 13:40:00
MD5: 1F0E626623BC4D7E8B68D9663B1AA39D
hi @lucianoGG this is a not a trojan report but a very generic false positive that we have seen before though it is rare. Closing itself, trying to installing new version and similar steps are features apps do nowadays regularly. What is likely is that Cursor tried to update itself but antivirus prevented it by locking update installation files.
Could you please post the exact Cursor version you have as the website was updated and we released also an update in the meantime.
You may have to reach out to your antivirus provider to check and fix this false positive detection.
Thank you for the additional info. While it was not during update the case is still the same. Cursor has to execute terminal, 3rd party extensions, MCP servers and other features that may appear as suspicious. As there are many antivirus providers and this is a false positive overall, it is recommended that you reach out to your antivirus provider and let them check.
