Hey, since Cursor has built-in API connections, both outgoing and incoming, the antivirus might consider it a virus. You can add Cursor to the exceptions.
Of course it is a false positive, but the point is for Cursor to be aware and try to avoid being labelled as a trojan when we both know that there is no trojan (at least not voluntarily).
Could you share the elements leading to this deletion?
Because I’d venture to say Windows using a service to take screenshots every few seconds even if you opt out Recall has not been deactivated.
Also if you happen to use chrome (brave, chromium, edge, ungoogled-chromium, opera), it may be interesting to remember:
Google massive data breach of user passwords. If used, and because chromium/electron share a whole range of SHARED unique identifiers (ipc-crash-handler, V8, countless others) leaking in realtime metadata, it enables lateral movement spread across your entire range of electron apps.
Pixel - yandex exploit using a frontend - because these apes real engineers consider roughly equal to vibecoders - make frontend code using root privileges with the ability to benefit to any process tied to the node having it - with a known bounceback enabling interception by ‘shadow_root’ - and the browser will consider it ‘null’.
Kaspersky will not tell you so I’m gonna even give you the question to ask: ‘if a process is able to autosign legitimate Windows certificates, whitelist itself from Windows Defender and its registry, open autosigned RPC endpoints, and spread, rewrite entire registries to the extent it can even tamper safe reboot, would it be the reason you wouldn’t even dare make a press release about it despite alarm bells for more than a year?’
Think about it, if an update could brick WORLDWIDE Windows servers for days and blackout the WORLD airline systems, do you even believe there is a remote chance an antivirus could save you?
After following the steps to exclude cursor.exe in Kaspersky, it did it again now. As soon as Cursor tries to modify a file, Kaspersky sees it as a trojan and quarantines the file. It is a false positive, but that doesn’t change the frustration of why this is happening, how to prevent it and why this has just started after 6 months of using Cursor.
I have a persistent state-level penetration war going on and the Cursor method to update the Windows registry was being abused - that Cursor registry management method needs to be limited to Cursor only - as of right now anything can edit your registry using Cursor methods.
It’s a really big hole in Cursor security.
Kaspersky is keeping pretty busy monitoring my laptop too
GPT-5 is a fantastic APT hunter destroyer next level defense, better than any antivirus