flat assembler
Message board for the users of flat assembler.

Windows Defender running crazy locking here and there

avcaballero 07 Apr 2026, 22:08
This is a bit off-topic; I wasn't sure whether to post it in this thread.

Creating small programs has never been easy lately due to the suspicions of antivirus software, but it has recently become much more challenging with the inclusion of Windows Defender in the arbitration process, bypassing the supposed good judgment that the antivirus installed on the system might have.

Is this Microsoft sabotaging itself? Perhaps they're trying to tell us to migrate to Linux to do these things?

Has anyone else had these same thoughts?

_________________
Always learning
AsmGuru62 08 Apr 2026, 00:22
Can Windows Defender be set up to ignore a directory with all sub-directories?
I usually do that for my development directory, but I use a different AV system.
It always works for me, because all my projects (C, FASM, Python, etc.) are in one root directory: C:\Projects.
Also, good for backups.
bitRAKE 08 Apr 2026, 00:45
I add exclusions for everything.

_________________
¯\(°_o)/¯ AI may [not] have aided with the above reply.
revolution 08 Apr 2026, 01:13
AVs in general are hopeless IMO. We get too many false negatives and false positives, and it just wastes time.

But that doesn't help when sending code to others that will have all the AVs installed to keep themselves "protected". And there isn't a proper solution. We just have to try to educate the customers as best we can. Fortunately for us we deliver full source code so it is an easier path.

There is an option to get a signing certificate from MS and go through all the process of that, but it is very onerous and expensive, and ultimately puts MS in control, which we rejected as a "solution".
Picnic 12 Apr 2026, 14:10
Quote:
Has anyone else had these same thoughts?

Sure. And it gets tougher as it goes on. It often takes the initiative and deletes files before even asking. I also had to add some exclusions so I can get my local work done smoothly.
avcaballero 13 Apr 2026, 10:28
This must be a desperate attempt by Microsoft to get us to switch to Linux :)
Picnic 14 Apr 2026, 11:19
Spot on, revolution. I’m questioning how many people who downloaded my small interpreter actually took the extra step to turn off real-time protection or jump through the hoops Windows sets up. Some tech-savvy users will definitely go for it, but I expect they’ll be a small minority.

This is puzzling. I was working with the program all day yesterday without issues, yet I am suddenly seeing this today. What is the name of this suspicious program... FASMW.EXE

Let's see what AI has to say about it:

Based on the information provided, FASMW.EXE is likely a false positive (a harmless program incorrectly flagged as a virus by antivirus software) rather than an actual malicious program.

I thought so :P
revolution 14 Apr 2026, 11:37
Haha, asking a useless "AI" to comment on a useless "AV" result? I'm not sure which is less trustworthy, the AV or the AI. :lol:
AsmGuru62 14 Apr 2026, 12:10
Hmm... useless AI got it right!
Well, a broken clock is right in 1/720 of cases.
revolution 14 Apr 2026, 12:20
The useless AI answers based upon how the question is posed. Ask the question in a different way and get a different answer.
bitRAKE 14 Apr 2026, 12:55
Use Add-MpPreference in an elevated PWSH session so it's scriptable and reproducible across machines:
Code:
Add-MpPreference -ExclusionProcess "fasm.exe"
Add-MpPreference -ExclusionPath "C:\dev\asm"    

Signing your outputs
A self-signed cert won't help with Defender's reputation system (SmartScreen), but it separates the quarantine trigger (heuristic AV) from the reputation trigger (SmartScreen). They're distinct engines and sometimes people conflate which one fired.

Defender Attack Surface Reduction (ASR) rules
If you're on a managed machine or have accidentally enabled ASR rules, some of them specifically block "executable content" creation from unusual processes — this can catch assemblers even with exclusions in place. Check:
Code:
Get-MpPreference | Select-Object AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions    
ASR rules override folder exclusions in certain configurations. You'd need to either disable the relevant rule or add a per-rule exclusion path.

Controlled Folder Access
Separate from exclusions — if CFA is enabled, it blocks writes to protected folders regardless of AV exclusions. Check and add your dev folder:
Code:
Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\path\to\fasm.exe"    

Longer term: Windows Sandbox or a VM
Keep your dev environment inside a Hyper-V VM or Windows Sandbox where you can disable Defender entirely without touching your host policy. The toolchain lives there, outputs get copied out. Overkill for casual use but eliminates the cat-and-mouse entirely.

The exclusion approach is genuinely the right call here — it's not a workaround, it's the intended mechanism for developer toolchains. The awkwardness is just that Microsoft's defaults are tuned for end-user machines, not dev environments.

[This is the dev experience. The time and cost to create a seamless end-user experience is dismal.]

_________________
¯\(°_o)/¯ AI may [not] have aided with the above reply.
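
A read-only way to see which of the components named in the post above (AV exclusions, ASR rules, Controlled Folder Access) actually fired, as an added example that is not part of any post in this thread. It assumes the dev folder C:\dev\asm from that post and an elevated session; it changes no settings.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): read-only audit of which Defender
# component is blocking a dev toolchain. Changes no settings.
$DevRoot = 'C:\dev\asm'   # assumption: the dev folder used in the post above
$pref    = Get-MpPreference

# 1. AV exclusions currently in force, and whether $DevRoot falls under one.
$root    = $DevRoot.TrimEnd('\') + '\'
$covered = @($pref.ExclusionPath) | Where-Object {
    $_ -and $root.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
}
[pscustomobject]@{
    ExclusionPath    = $pref.ExclusionPath -join '; '
    ExclusionProcess = $pref.ExclusionProcess -join '; '
    DevRootCoveredBy = $covered -join '; '
} | Format-List

# 2. ASR rules: the two arrays are parallel, so pair each rule GUID with its action.
$asrAction = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$ids   = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$acts  = @($pref.AttackSurfaceReductionRules_Actions)
$rules = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{ RuleId = $ids[$i]; Action = $asrAction[[int]$acts[$i]] }
}
$rules | Format-Table -AutoSize

# 3. Controlled Folder Access: 0 = disabled, 1 = enabled (block), 2 = audit.
[pscustomobject]@{
    CfaMode        = $pref.EnableControlledFolderAccess
    CfaAllowedApps = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 4. What actually fired in the last 24 hours, labelled by component.
$component = @{
    1116 = 'AV detection';  1117 = 'AV action taken'
    1121 = 'ASR block';     1122 = 'ASR audit'
    1123 = 'CFA block';     1124 = 'CFA audit'
}
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]@($component.Keys)
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Component'; e = { $component[[int]$_.Id] } },
        @{ n = 'Summary';   e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

An empty result in step 4 means none of these three components logged a block in the last day.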