Googling around I found this thread, which raises the 2nd red flag.
It seems that you have yet spend anytime nor effect to permanently fix this problem and that raises the 3rd red flag.
From my perspective, it’s unreasonably inappropriate for a well-received piece of software to keep getting flagged by Windows Defender, even the flag is false positive. Both Copilot, Claude, Antigravity have no such problem.
So I’ll just put a feedback here and wait until the problem is resolved before trying Cursor.
Hey, thanks for the feedback, but it helps to separate two different Windows mechanisms since they often get mixed up.
What you see in your screenshot, “isn’t commonly downloaded”, is a Microsoft Edge SmartScreen reputation warning, not malware detection. It is a reputation based browser check. Each new installer version, like 3.3.30, starts with zero reputation in Microsoft’s system and builds it up as users download and run the file. This does not mean the file is flagged as dangerous, it just means Edge has not seen it enough times yet.
The installer is signed by Anysphere, Inc. You can verify it by right clicking the .exe file, then Properties, then Digital Signatures, or by using See more in the same Edge dialog. If the signature is valid and the publisher is Anysphere, Inc., the file is legit and you can click Keep or Run anyway.
On the feedback itself, the team knows reputation warnings on new builds are a bad first time UX. I can’t give a specific ETA since reputation is largely on Microsoft’s side and depends on download volume for each new version. Our signing and certificates are in place, so the “Cursor is unsafe” concern is a false alarm.
If you decide to try it, the installer is safe. Let me know if anything else looks off.
Reasonable question. The short answer is that switching the updater won’t fix the issue by itself.
The false positive on inno_updater.exe isn’t caused by Inno Setup itself, but by the behavior of any silent auto-updater. A background process downloads and runs executables with no UI, and AV heuristics react to that pattern, not to a specific library. Any alternative updater (Squirrel, NSIS-based, or custom) can hit the same kind of false positives for the same reason, especially on new releases that haven’t built up reputation yet. VS Code, which Cursor is built on, uses the same stack (Inno Setup + inno_updater) and has run into similar incidents.
What the team is actually working on is improving the code signing strategy so these detections happen less often and can be resolved faster (false positive reports to Microsoft, more stable signing for components, etc.). I can’t give an ETA, it’s an iterative process.
The comparison with Copilot, Claude, and Antigravity is a bit uneven. Copilot is built into VS Code (no separate installer). Claude Desktop and Antigravity are much newer and smaller products with a different update flow. Cursor has a much larger installed base and a higher release frequency, and each new version starts with zero reputation.
