Since the latest update of the Kaspersky anti-virus software my 32 bit executable is put into quarantine as soon as the linker creates it. The message stated is "Trojan program HEUR:Trojan.Win32.generic (modification)".
1) What is causing this?
2) How do I prevent this from happening?
This only occurs for 32 bit release configuration, the 64-bit and debug versions are unaffected.
Thanks in advance for any advice/feedback
The "Proactive detection of unknown malware" through "Heuristic analysis" is the same as 'Sonar' which basically means that any exe on your system which isn't digitally signed is tagged as 'malware'
The old 'false positive' issue where they'd rather err on the side of caution.
Wreaks havoc for small software developers who don't digitally sign their software.
Either digitally sign your software or turn off that foolish "Heuristic analysis" option or add your exe's to the 'safe software' list.
Another option to consider is to add a folder where your executables are created to a list of skipped / excluded folders.
Best regards,
Sergey
Is it possible to get the linker to sign native code? I've always used signtool in a separate step post-linking for this. If the exe is getting deleted as soon as the linker finishes writing it then my two step approach would still fail.
[SergeyK] It looks like No. There are three Linker options, 'Key File', 'Key Container' and 'Delay Sign', but unfortunately they are used for output assembly files. I never used these options.
I've always used signtool in a separate step post-linking for this.
[SergeyK] I also used 'SignTool.exe' to sign some ActiveX component.
Best regards,
Sergey
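
The separate post-link signing step discussed above, as an added example that is not part of the original posts: it stops with a clear error if the linker output has already disappeared, signs with signtool, then verifies the result. The script, its parameter names and the two placeholder values are assumptions; signtool.exe (from the Windows SDK) is assumed to be on PATH.

```powershell
# Added example (not from the thread): post-link signing step for a native exe.
param(
    [Parameter(Mandatory)] [string] $ExePath,
    # Placeholder: SHA-1 thumbprint of a code-signing certificate in your certificate store.
    [string] $Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    # Placeholder: RFC 3161 timestamp server URL from your certificate authority.
    [string] $TimestampUrl = '<TIMESTAMP-SERVER-URL-PLACEHOLDER>'
)
$ErrorActionPreference = 'Stop'

# If a scanner removed the linker output before this step runs, say so clearly
# instead of letting signtool report a generic "file not found".
if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
    throw "Linker output '$ExePath' is missing; it may have been quarantined before signing."
}

# Sign: select the certificate by thumbprint, SHA-256 file digest, RFC 3161 timestamp.
& signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $ExePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify against the default Authenticode policy so a bad signature fails the build.
& signtool.exe verify /pa $ExePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }

# Independent check through PowerShell's own Authenticode cmdlet.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
if ($sig.Status -ne 'Valid') { throw "Signature status is '$($sig.Status)'" }
"Signed: $ExePath (signer: $($sig.SignerCertificate.Subject))"
```
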
Anti-virus software can intrude in other ways. I'm subjected to Symantec Endpoint security at work. I have a model that takes several hours to run which I was running once a week. I'd start it up and work on other things. Monday is staff meeting day, so I'd leave my desk for a while. After an update to the anti-virus software, I came back to my desk and discovered that the model had crashed because a file that it wanted to open was in use by some other process. First time this happened, I shrugged it off and just restarted the model and after a while it finished up. But next Monday, the same thing happened; model crashed while I'm at the staff meeting.
The cute part of this was that if I sat at my desk and watched, everything worked just fine.
I eventually figured out what was going on. In the model, a file was being opened and closed periodically. This file was intended to hold error messages, and if no error occurred, the file would end up with a length of 0.
I can understand how this might be slightly suspicious, since a zero length file effectively reserves a cluster of disk space where something unpleasant can be hidden.
But this wasn't suspicious enough to make the program crash while I was sitting at the keyboard doing other things.
If I wasn't typing away at the computer, the crash would occur right after the screen saver kicked in. I guess that Symantec figured that it could sniff things a bit harder when no one was around, and started looking at some things that it normally didn't bother with. This sniffing tied up the file, and made the model crash.
The cure is the same one suggested here, exclude directories from the virus scan.