Add Windows Defender false positive guidance to README

Unsigned Rust binaries that use keyboard hooks, input simulation, and
clipboard access trigger Defender heuristics. Document the workaround
(Defender exclusion) and point users to building from source.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

README.md

@@ -82,6 +82,36 @@ A small colour-coded bar appears at the top (or bottom) of your screen:
 
 Set `overlay_position: none` to disable.
 
+## Windows Defender False Positive
+
+Windows Defender may flag `mouth.exe` as malicious and quarantine it. This is a
+false positive caused by the way Mouth works — it uses global keyboard hooks,
+simulated input, and clipboard access, which are the same techniques used by
+legitimate accessibility tools but also match heuristic patterns that antivirus
+software looks for.
+
+Mouth is open source and you can inspect every line of code in this repository.
+Unfortunately, the only reliable way to prevent these warnings is to purchase a
+code signing certificate, which I can't justify for a free, non-commercial
+project. If you're not comfortable adding an exception, you're welcome to build
+the exe yourself from source (see below) — a locally built binary is far less
+likely to be flagged.
+
+To add an exclusion in Windows Defender:
+
+1. Open **Windows Security** (search for it in the Start menu)
+2. Go to **Virus & threat protection**
+3. Under "Virus & threat protection settings", click **Manage settings**
+4. Scroll down to **Exclusions** and click **Add or remove exclusions**
+5. Click **Add an exclusion** → **File**, then select `mouth.exe`
+
+If Defender has already quarantined the file, you'll need to restore it first:
+
+1. In **Virus & threat protection**, click **Protection history**
+2. Find the Mouth entry, expand it, and click **Restore**
+
+Then add the exclusion above to prevent it happening again.
+
 ## Building from Source
 
 Requires Rust 1.75+.