When installing, and perhaps afterward, it's possible for AntiVirus / AntiMalware software to flag ToDoList. This is known as a “false-positive” - the AV code got a positive hit according to its rules, but in this case it's simply wrong.

ToDoList is Open Source Software. Anyone can verify that the code does not contain a virus or any form of malware.

Many legitimate applications get flagged for how they work, not for what they do. ToDoList opens network connections, reads files, downloads updates, creates new files, re-executes itself, launches web page requests, executes other programs, and makes use of tools for to support many features. Many bad applications (malware) perform the same operations but for completely different reasons.

Even before you run ToDoList, Anti-Malware can flag the zip download for the software as being malicious. This is because it scans inside the zip and finds executables, one of which is TDLUpdate.exe. We can hardly blame these programs for thinking something is wrong. Yes, this software does exactly what malware does in terms of modifying itself after installation, but those modifications are helpful, not hurtful. Again, this is why this is called a “false positive”.

A specific protection utility needs to know about this software, or it needs to distinguish between bad usage of the local system and good usage. This is very difficult. This kind of code can break from one release to the next - a new set of virus detection definitions might flag ToDoList where it didn't before. As Dan said in this discussion:

Unfortunately there is nothing I can do to prevent these issues as AV software is becoming looser and looser with its heuristics and MS provides no helpful information about what exactly causes the trigger (presumably to prevent real virus writers from circumventing the AV code).

If you have the ability to override a warning, please do. If you can, please notify the anti-malware provider that ToDoList and AbstractSpoon are legitimate. If you cannot override the warning, please report the issue. See Getting Help.

Unfortunately when an application is suspected of being nefarious, the protection software may quarantine the executable file, the .ini config file, and/or data files like the .tdl tasklists. Ref

This Issue reports an issue with Norton AntiVirus and Symantec Endpoint Server. It also documents possible issues with Windows SmartScreen which has been reported to report a warning during an upgrade.

• Installing ToDoList under C:\Program Files and related folders could cause a flag to be raised. Ref
• Here is a report about a scan by VirusTotal.com
• Here is a report about Windows 10 and Microsoft Defender.
• Automation programs can also raise flags. Here is a report about AutoHotKey which is often used with ToDoList.

As you can see, this is a common situation, but the bottom line is that this software is not harmful.

If ToDoList fails to update from menu > Help > Check for Updates, a firewall on the PC or on the network might be stopping the application from connecting to a remote system and downloading files. You need to add a firewall exception for todolist.exe.