Although, i haven’t seen it reported before, when downloading and installing swi prolog-- perhaps an updated finger print file caused it.
Just about every release has 1 or 2 false alarms from some virus scanner. If anyone knows a solution to that, please share. In the past the downloadable files were direct links and the entire site was often blocked as a malicious site. With the current indirection that problem seems fixed 
Feb. 2024: Though SHA256 was verified prior to the install attempt, HP Sure Click reports swipl-9.2.0-1.x64.exe as malicious. I won’t ignore my virus scanner, so my next course is to migrate to a different platform. As for the core issue, sorry but I’ve no real help, only the repurposing of an old, tired, NRA slogan: “When software is outlawed, only Outlaws’ll have software!” Peace and Happy Coding.
You can report it with HP as most likely false positive. Typically they will investigate the situation and give it a green flag.
I’m still looking for a good way to get the system signed. It seems to be rather complicated as I’d also would like to get the MacOS binaries signed with only one administrative hassle. If anyone knows a good company for this …
9.2.0 seems to get 8 of 70 flags according to VirusTotal. That is an unusual high score 
Normally, it gets lower over time as there are more downloads, people complain and the false positives get analyzed.
Note that there are also downloads from e.g. portableapps and a few more. Possibly these are signed?
Sorry I don’t know about signing the app, but - following @emiruz thinking - I stumbled into this Haskell ‘installer’, could be an alternative to the old fashioned (Windows) way ?
Set-ExecutionPolicy Bypass -Scope Process -Force;[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; try { Invoke-Command -ScriptBlock ([ScriptBlock]::Create((Invoke-WebRequest https://www.haskell.org/ghcup/sh/bootstrap-haskell.ps1 -UseBasicParsing))) -ArgumentList $true } catch { Write-Error $_ }
edit:
maybe not… just launched, and got this ‘warning’
Please note that ANTIVIRUS may interfere with the installation. If you experience problems, consider
disabling it temporarily.
So maybe it’s going to work for me, because I rely on just (default) Windows Defender…
If it would be so easy to bypass security it has little value 
What I am wondering though is that, if we get the code signed at the highest level, they say Windows defender is going to keep its mouth shut. Effectively the signing company verifies SWI-Prolog Solutions is a trustworthy company and Microsoft believes this (that is how I understand it).
Does this signature also silence the other virus scanners? Practice tells me that every release triggers a couple of them
did you already know that windows has built in a so called certification-store in every new windows install ? you can sign exe files with that application, it demands so called Code-signing certificates which can only be bought online and are very expensive
I looked a little into this problem, which also applies to MacOS. Would be great if there was a single party that can deal with both of them as part/most(?) of the costs seem to be about verifying the identity and trustworthiness of the “vendor”. The other problem is to get the signing process done as part of the release procedure automation. Here we are faced with the fact that we do not use Apple or Windows build tools.
Then there is some hope there are solutions for open source, but so far I only found references to discontinued services. If anyone can point at a workable solution, please share. Note that the signing can go through SWI-Prolog Solutions and may cost some money.