This comes up from time to time, maybe we should add a prominent note somewhere (maybe even a locked sticky forum post). Last time seems to have been this one.
Basically it boils down to false positives based on the AV vendors using silly metrics. All Nim programs will share a little bit of "DNA", and some people have written malware in Nim. This has probably been picked up, and without enough non-malware Nim programs in their fingerprinting routine AV vendors just flag all Nim programs. I believe Go had the exact same problem some years ago (but with Google backing it's probably a lot easier to get AV vendors to get their shit together).
Widows defender has a built in facility that allows the user to disable it for a short period. This allows 'problematical' files to be downloaded without any virus blocking. Defender automatically reinitialises after a short period.
The setting is Settings->'Virus & threat protection'->'Virus & threat protection settings'->'Real-time protection'
Maybe this information should be added to the windows download instructions.
Widows defender has a built in facility that allows the user to disable it for a short period.
It also allows you to flag directories to not be scanned. So, create a special download dir for nim then download it to there. Then you have to create all the dirs Nim uses and flag those. Then you can install Nim.
@enthus1ast, the description of the second rule itself is crazy: "doesn't have to be a hack tool or malware - it's just very likely" :-/
I know this could start a game of cat and mouse, but is there something that can be done on the nim compiler to make it harder for these kinds of "malware detection tools" (if they can be called that) to detect nim executables by using these kinds of simple match rules? For example, can the nim compiler remove ".nim" from the names of the files it includes or something like that? Is it possible to somehow randomize the program binaries more?
There where some slides (i think from the NSA) that talkes about red teaming with Nim. They used some advanced features to "get rid of the Nim" stuff. So nim felt more like a c, but was way less detectable.
I do not find them again unfortunately. Maybe someone else knows those.