I think your best course of action is to contact the Windows Defender support team. From the official FAQ:
Why does my virus-scanning software think my Go distribution or compiled binary is infected?
This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don’t see as often as those compiled from other languages.
If you’ve just installed the Go distribution and the system reports it is infected, that’s certainly a mistake. To be really thorough, you can verify the download by comparing the checksum with those on the downloads page.
In any case, if you believe the report is in error, please report a bug to the supplier of your virus scanner. Maybe in time virus scanners can learn to understand Go programs.
And here’s a comment by Ian Lance Taylor:
The Go FAQ doesn’t give any more information about this issue because we don’t know anything else about it. We don’t know why Windows virus scanners tend to have false positives on Go binaries. We haven’t talked to Microsoft about it very much, because the bug reports we see are usually about third party virus scanning products, not about Microsoft itself. That said, this article does mention Windows Defender, so maybe things have changed.
And another:
@IndustrialPerformanceDude It’s OK to post here but the Go project is not going to be taking any action on this.
Again - just reinforcing that it’s a Virus Scanner problem, not a Go problem. Wish I could be of more use but I haven’t actually run up against this yet in my years as a gopher. Maybe somebody else can chime in with more useful info.