I am using Kaspersky and it detected curser-agent as Trojan. These are details
```
Event: Malicious object detected
Application: Node.js JavaScript Runtime
User: s\upupu
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: C:\Users\upupu\AppData\Local\cursor-agent\versions\2026.04.17-787b533
Object name: index.js
Reason: Behavior analysis
Databases release date: Today, 20/04/2026 15:07:00
MD5: 858659C5B8406441EBF0018DCD58DC1F
```
Hey, this is a known false positive from Kaspersky. Its PDM Proactive Defense Module is behavior-based heuristic analysis, not signature detection. cursor-agent is a Node.js CLI that does what any dev tool does, like outbound API calls, running terminal commands, spawning child processes, and talking to MCP servers. For PDM that can look suspicious, so you get the generic detection PDM:Trojan.Win32.Generic.
A few similar threads with the same detection:
- Kaspersky Flagged Cursor IDE as ClipBanker Trojan on Windows
- Kaspersky accusing Cursor of being a trojan
- Trojan in Cursor
Workaround: add the full path C:\Users\upupu\AppData\Local\cursor-agent\ to Kaspersky exclusions, including the versions subfolder. It also helps to submit a false positive report directly to Kaspersky so they can update their detections faster: https://opentip.kaspersky.com/
If something still gets triggered after the exclusion, tell me and we’ll take a look.