Please use the defender/your antivurs system to report that this is a false positive.
The only way to prevent it from labeling it.
Read about code signing, all those AV alarms are -heuristical- analysis because executable comes from an -untrusted- source(interwebs) and -unknown- publisher. When publisher is known thru a chain of trusted CA all heuristical analysis usually shuts down and only classical signature search stays which has nothing on chobby/spring
They also state there is extended validation available for 800$/3 years(200$/year) to bypass windows SmartScreen... not sure if it worths it, even basic signing should alleviate most of those problems
Basically when executable is signed it allows to
- verify publisher's identity(which gets recorded by CA that gives u the certificate)
- ensure that executable has not been modified since the time it's been signed by publisher
Those 2 are enough to ensure it's not a malware, and if it is means certificate been stolen/publisher went rogue => certificate can be blocked/revoked.
Reduces malware spread by 99.99%