Bypass SmartScreen when downloading Nimbus loader (safe guide)

Why SmartScreen blocks the loader

SmartScreen and Windows Defender block every executable they haven't seen before, not just unsafe ones. The signal they use is reputation — how many other PCs have run this exact file hash without issue. A fresh Nimbus build has a brand-new hash, so reputation is zero, so SmartScreen pops the "Windows protected your PC" dialog on first run.

This isn't a sign anything is wrong. It's a sign the file is new. We push a new loader every time we patch — sometimes multiple times a day — so the loader you just downloaded is, by definition, new.

If you want the long version of why every new EXE on Windows gets this treatment, Microsoft writes about it in their SmartScreen FAQ. We don't link there to deflect — we link there because their explanation is right. The short of it: reputation builds with usage, not with our marketing.

The 90-second walkthrough

This is the whole flow, start to finish. Do these in order.

1. Download from the dashboard, not a forum

Sign in at getnimbus.net. On your dashboard, click the big Download loader button. The file is served as NimbusLoader-latest.exe with a matching .sig file you can verify if you want to (more on that below).

Do not download Nimbus from anywhere else. There are forum reposts floating around — those are old builds at best and rebundled malware at worst. Our hash is published on the dashboard. Compare it.

2. Save to a folder you control

Save the EXE to a path like C:\Nimbus\ or %USERPROFILE%\Documents\Nimbus\. Avoid Downloads — antivirus tools sometimes scan that folder more aggressively, and SmartScreen's "unverified publisher" warning shows there by default.

3. Right-click the file, choose Properties

If Windows downloaded the EXE from the browser, the file is marked as "from the internet". That mark (the Zone.Identifier alternate data stream) is what trips SmartScreen.

To clear it:

Right-click NimbusLoader-latest.exe.
Click Properties.
At the bottom of the General tab, if you see an Unblock checkbox next to "This file came from another computer...", tick it.
Click OK.

That single click prevents SmartScreen from re-checking the file's internet zone every time you run it.

4. Double-click. When SmartScreen pops, click "More info"

You'll see the blue "Windows protected your PC" dialog. The default button is Don't run. Don't click that.

Instead, click the small More info link in the top-left of the dialog. That expands the dialog to show two things:

The app name (NimbusLoader-latest.exe).
A new button: Run anyway.

Click Run anyway. The loader starts.

That's it. From the next time you run this exact version of the loader, SmartScreen won't prompt again — your "Unblock" check plus your "Run anyway" click are both cached against the file's hash.

5. (Optional) Verify the signature

If you're security-conscious, the loader ships with a detached signature file (NimbusLoader-latest.exe.sig) and a public key on our dashboard. You can verify the file came from us, unmodified, with one PowerShell command. The exact command and the public key are documented at /help/smartscreen so we can keep them in one canonical place.

What if Defender quarantines the file?

If Defender is on its strictest profile, the file may not just get warned — it may get moved to quarantine before you can click anything. You'll see a small toast in the corner of the screen and no EXE in the folder you saved to.

To restore it:

Open Windows Security (Start → "Windows Security").
Click Virus & threat protection.
Click Protection history.
Find the entry for NimbusLoader-latest.exe.
Click Actions → Allow, then Actions → Restore.

The file will reappear in your save folder. Run it normally.

If your IT department or family-shared profile has locked down Defender, that's an admin-only setting we can't help with. Use a personal account.

What about third-party antivirus?

The big consumer antivirus brands (Avast, AVG, Norton, Bitdefender, Kaspersky, ESET) almost always flag the loader on first download. The reason is the same — reputation is zero — but their UI is different.

In general, find the loader EXE in your AV's quarantine, mark it as Allowed / Trusted / Whitelist, and run it again. Each vendor's exact menu path is documented in /help/antivirus so you don't have to fish for it.

If your AV is Windows Defender + something else in tandem, the something-else is usually the one quarantining — Defender is good about respecting third-party AV decisions.

Is it actually safe to bypass SmartScreen for this?

The honest answer: yes, for this specific file from your dashboard. The reasons:

The loader's hash is published on your dashboard the moment you download it. Compare it. If it matches, the file is what we shipped.
The signature file (.sig) verifies the EXE was signed with our release key. If verification passes, no one in the middle tampered with it.
The loader does only what we publish in our /changelog: pull the latest payload, mount it, authenticate, and exit on sign-out.

The general advice — don't click "Run anyway" on EXEs from random download links — is good advice. It just doesn't apply to a file you fetched from a signed-in dashboard whose hash you can compare. If you're not sure the file you have is the file we shipped, don't run it — ask in Discord, paste the hash, we'll verify.

What we are not asking you to do

Some shady cheats tell you to disable Defender entirely or uninstall your antivirus before running the loader. We don't, and we wouldn't. If you ever see that instruction from us, it's fake. The legitimate flow is the four clicks above:

Right-click → Properties → Unblock.
Double-click.
SmartScreen → More info.
Run anyway.

Defender stays on. Your AV stays on. The loader runs in a normal user account. Nothing on your system is permanently weakened.

What if it still won't run?

If you've done all of the above and the loader still doesn't open, the issue is almost always one of three things:

Group Policy is locking down "unsigned" or "unknown-publisher" EXEs (school, work, family-shared profile). Use a personal account.
The EXE is corrupted mid-download. Delete it, re-download from the dashboard, compare the hash on the dashboard before running again.
An AV is still silently quarantining without the toast. Open your AV's protection history and look for the file.

When none of those fit, ping us in Discord with a screenshot of what you see. Peak-hours first-response is under 30 minutes.

The full troubleshooting tree — including the PowerShell signature verify command — lives at /help/smartscreen. Bookmark it. You'll only hit SmartScreen once per build, but builds ship often.

Open /help/smartscreen · Discord

Try Nimbus — from $5/day

Hero-aware aim with gravity-correct projectile lead. Information ESP — cooldowns, ult charge, summons. Minutes-not-hours patch turnaround.

Keep reading

Nimbus loader splash and Marvel Rivals in-game menu screenshot composite

June 2, 2026

Quick start: install and launch Nimbus in 90 seconds

From checkout to the 14-tab in-game menu in under two minutes. The full step-by-step for first-time Nimbus customers, with the gotchas called out.

Hardware ID reset illustration — a Nimbus license key floating between two PCs

June 2, 2026

HWID reset guide — moving Nimbus to a new PC

New motherboard, fresh Windows install, or moving to a new rig? Here's the HWID reset flow, the cooldown rules, and when to open a ticket instead.

June 2, 2026

Best Marvel Rivals overlay in 2026 — a Nimbus comparison

We compared Nimbus against the loudest public Marvel Rivals overlays on features, patch cadence, support, and ban hygiene. Honest table, no marketing hand-wave.