Antivirus flagged it
Why this happens to every loader on the market and the safe way to whitelist.
Why every loader gets flagged
Loaders for any modding or cheating tool look identical to malware to a heuristic engine because they do the same three things:
- Talk to a remote auth server with a license-style payload.
- Write executable content into another application's directory.
- Take steps to be invisible to anti-cheat (which from the AV's perspective looks like "evade detection").
AV engines that flag on behavior, not signature, will always tag us. We do not sign the loader with a stolen or shell-corp cert (that's how some prior loaders did it — we won't, because shell-corp certs get revoked the moment AV vendors pick them up).
Windows SmartScreen
Click More info then Run anyway. SmartScreen reputation accrues across the user base over a few hours after each release.
Defender quarantine
If Defender actually quarantines Nimbus.exe or the payload:
- Open Windows Security → Virus & threat protection → Protection history.
- Find the Nimbus entry, click Actions → Restore.
- Open Manage settings → Exclusions → Add an exclusion → Folder.
- Add your Nimbus install folder.
Third-party AVs
Bitdefender, Kaspersky, Norton, ESET, Avast — same general flow as Defender. Find quarantine, restore, add the Nimbus folder to exclusions.
If your corporate AV doesn't let you add exclusions, we cannot help. The loader will not run.
What not to do
- Do not disable your AV entirely. Add an exclusion for the Nimbus folder, that's it.
- Do not "fix" SmartScreen by lowering Windows' overall security. The Run-anyway button is the right answer.
- Do not run a random AV-bypass tool from a forum. Those are often the actual malware.