You downloaded from here: http://downloads.novirusthanks.org/files/osarmor_setup.exe ? It is most likely a false positive in this case.

SHA-256: 2fb310481e94daef3688b363b3a51ca309c5fb33ea7ef6e61087cd00593a7588 for the above exe's link.

Edit: This detection is generated by WD's heuristic cloud, so it has to be a false positive triggered by the intended behavior of OSArmor. You may also ask questions in the dedicated thread for OSArmor: https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/