Windows Defender accused some geth and ethereum files of containing a trojan horse called Tilken.B!cl
file: C:\Program Files\Geth\uninstall.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geth\Uninstall.lnk
regkey: HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Ethereum Geth
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geth\Uninstall.lnk
uninstall: HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Ethereum Geth
Is it a false positive or a real threat?
Apparently this alert happened to more people:
Is my computer infected? Trojan:Win32/Tilken.B!c…
Microsoft Malware Encyclopedia
Best Answer
For the most recent version of the client (1.7.3) for which Windows Defender raises the "Trojan:Win32/Tilken.B!cl" flag, VirusTotal reports 6 out of 67 detections: https://www.virustotal.com/#/file/aa95f8f9f4308827bfb5bd27e55762f78b5f370695c1954eef9462ec007864e0/detection. However, a very similar picture was seen before with such clients.
I've found that the previous version of the client (1.5.5) also raised such a flag, but in reality it seems to be clean, as confirmed by Microsoft: see the related thread on GitHub. I've also submitted an analysis request for v1.7.3 with the potential "Trojan:Win32/Tilken.B!cl" and will see the result.
UPDATE 2017-12-04
The submission to Windows Defender SI didn't confirm any malware in file contents, as shown on the screenshot below.
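The answer above relies on a file hash to look the installer up on VirusTotal. The following Python script, added here as an illustration and not part of the original answer or of the Geth project, computes the SHA-256 of a downloaded installer, compares it with a digest the publisher (or a VirusTotal report) lists, and builds the matching VirusTotal lookup URL. The URL format mirrors the link in the answer; the digest string used in the demo is a constructed placeholder, not the real Geth 1.7.3 hash.

```python
"""Check a downloaded installer against a published SHA-256 and build the
VirusTotal report URL for that digest.  Added example, not project code."""
import hashlib
import os
import tempfile

# Same URL shape as the VirusTotal link quoted in the answer.
VT_FILE_URL = "https://www.virustotal.com/#/file/{digest}/detection"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string, lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large installers fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def virustotal_url(digest: str) -> str:
    """VirusTotal report URL for a SHA-256 digest (case-normalised)."""
    return VT_FILE_URL.format(digest=digest.strip().lower())


def matches_published(actual: str, published: str) -> bool:
    """Compare two hex digests, ignoring whitespace and letter case."""
    return actual.strip().lower() == published.strip().lower()


def verify_bytes(data: bytes, published_digest: str) -> dict:
    """Verify in-memory file contents against a published digest."""
    actual = sha256_hex(data)
    return {
        "sha256": actual,
        "match": matches_published(actual, published_digest),
        "virustotal": virustotal_url(actual),
    }


def verify_download(path: str, published_digest: str) -> dict:
    """Verify an on-disk download against a published digest.

    A mismatch means the file is not the one the publisher (or the
    VirusTotal report) describes and should not be trusted, whatever
    the AV verdict says; a match lets you read the existing report
    rather than re-analysing the file."""
    actual = sha256_file(path)
    return {
        "path": path,
        "sha256": actual,
        "match": matches_published(actual, published_digest),
        "virustotal": virustotal_url(actual),
    }


if __name__ == "__main__":
    # Constructed demo: a throwaway file standing in for the installer,
    # and a placeholder digest standing in for the publisher's value.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
        demo_path = tmp.name
    placeholder_digest = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    result = verify_download(demo_path, placeholder_digest)
    os.unlink(demo_path)
    print(result["sha256"], "match" if result["match"] else "MISMATCH")
    print(result["virustotal"])
```

If the computed digest matches the one in the VirusTotal link, the detection ratio on that report applies to the file you actually have; if it does not match, the file differs from the one analysed and the report says nothing about it.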