Antivirus exclusion guide (Defender, Malwarebytes, Avast, Norton)

Loader and payload trip heuristic detections on a few AVs. Here's the exact path to add an exclusion, per AV.

3 min read · Updated 2026-06-02

Every major Windows antivirus eventually flags Nimbus on a generic heuristic. The loader does process injection, so anything that does behavioral scanning on injection patterns marks it as suspicious — that's the right behavior from your AV's point of view. We sign the loader with an EV cert, but the cert alone isn't enough to skip every heuristic.

Add an exclusion before you download — that way the AV doesn't quarantine the file mid-download and you don't end up with a half-saved binary. Pick your AV below.

Windows Defender. Open Settings → Privacy & security → Windows Security → Virus & threat protection. Under Virus & threat protection settings, click Manage settings. Scroll to Exclusions, click Add or remove exclusions, then Add an exclusion → Folder. Pick the folder where you'll keep the loader — C:\Nimbus\ is the recommended path. That single folder exclusion covers the loader binary, the auto-update staging folder (C:\Nimbus\update\), and the runtime logs.
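Because that one Defender exclusion also exempts the update staging folder, it is worth checking what now sits outside scanning. The PowerShell audit below is an added example, not part of the original guide or the vendor's tooling: it lists the current Defender path exclusions, warns about any exclusion broader than the loader folder, and reports the Authenticode status and SHA-256 of each executable under it. The C:\Nimbus\ path comes from the guide; the function name and the extension list are assumptions.

```powershell
# Added example: audit what a Defender folder exclusion actually exempts.
# Run from an elevated PowerShell; non-admin sessions cannot read the exclusion list.
function Get-ExcludedFolderAudit {
    param(
        [string]$Folder = 'C:\Nimbus\',                     # path recommended in the guide
        [string[]]$Extensions = @('.exe', '.dll', '.sys')   # assumption: file types worth checking
    )

    # 1. Show every path exclusion Defender currently has.
    $exclusions = @((Get-MpPreference).ExclusionPath)
    $normalized = $Folder.TrimEnd('\')
    $isExcluded = [bool]($exclusions | Where-Object { $_ -and $_.TrimEnd('\') -ieq $normalized })
    Write-Host "Defender path exclusions: $($exclusions -join '; ')"
    Write-Host "Folder '$Folder' excluded: $isExcluded"

    # 2. Flag exclusions broader than the loader folder (a parent of it, or a drive root).
    $exclusions | Where-Object {
        $_ -and $normalized.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
    } | ForEach-Object { Write-Warning "Broader exclusion also covers this folder: $_" }

    # 3. Executables under the folder (including update\) are no longer scanned,
    #    so report signature status and hash for each one.
    Get-ChildItem -LiteralPath $Folder -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer = $sig.SignerCertificate.Subject   # empty when the file is unsigned
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Get-ExcludedFolderAudit | Format-Table -AutoSize -Wrap
```

The SHA256 column can be compared with the value the guide says the loader's About panel shows; any row whose Status is not Valid is a file the exclusion exempts from scanning without a verifiable signature.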

Malwarebytes Premium. Open the main UI, click Detection History to clear any existing Nimbus flag first (otherwise the exclusion won't take effect). Then open Settings → Allow List → Add → Allow a File or Folder. Pick the same C:\Nimbus\ folder. Tick all three boxes (Detection, Ransomware, Real-time protection). Click Done.

Avast / AVG. Same engine, same steps. Open the main UI, go to Menu → Settings → General → Exceptions. Click Add Exception, browse to your loader folder, click Add Exception. Avast's exception applies to File Shield, Web Shield, and Behavior Shield simultaneously — you don't need to add it three times.

Norton 360. Open Norton, click Settings → Antivirus → Scans and Risks → Exclusions / Low Risks. Under Items to Exclude from Auto-Protect, Script Control, SONAR, and Download Intelligence Detection, click Configure. Add the loader folder. Then under Items to Exclude from Scans, add the same folder. Norton needs both entries — the first prevents real-time quarantine, the second prevents scheduled scans from re-flagging.

Bitdefender. Open the main UI → Protection → Antivirus → Settings → Manage Exceptions → Add an exception. Browse to the loader folder. Tick Antivirus and Online Threat Prevention.

McAfee. Open the main UI → PC Security → Real-Time Scanning → Excluded Files. Add the loader folder. McAfee's exclusion is file-level by default — if you want the whole folder excluded, you have to add it as a directory.

Kaspersky. Open the main UI → Settings → Threats and Exclusions → Manage exclusions → Add. Browse to the folder. Under Components, tick File Anti-Virus and System Watcher.

ESET NOD32 / Smart Security. Open the main UI → Setup → Advanced setup → Detection engine → Exclusions → Performance exclusions → Edit → Add. Use a wildcard path: C:\Nimbus\*. ESET's heuristic is more aggressive than most; if you still get flags after this, also add a Detection exclusion for the SHA-256 of the loader (shown in the loader's About panel).

SmartScreen. Separate from your AV. See the standalone SmartScreen guide — it's a Windows-level warning that triggers once on first run.

The loader is already in quarantine. Restore it from the quarantine first (most AVs have a one-click restore in the detection history), then add the exclusion, then re-launch. Do not download a fresh copy until the exclusion is in place — you'll just re-trigger the same flag.

Still stuck?

Discord is the fastest path — median first reply under 20 minutes. The chat widget in the bottom-right also works.