The executable was exported from the Godot engine without a code-signing certificate.
Code-signing certificates are paid services provided by authorities like Microsoft, and without one, Windows labels the publisher as “Unknown.”
Some antivirus programs automatically flag such unsigned executables as potential threats.
This is a common false positive for indie games. The file contains no malicious code and can be verified via VirusTotal.com.
https://www.virustotal.com/gui/file/bbcb12ae8cc47dce92f2e8887ab68ecfe4287b00569e...