I just wanted to add to this - I've always downloaded PKHeX from here whenever there's an update and never had any false positive issues, even after it was rewritten and the dll added to the program. The 9/22 update was the first time I got that same trojan warning from Windows 10 on the pkhex.core.dll. I downloaded it again from here and still got the same trojan notification for it. When I went over to teamcity and got the latest one from there, I was able to download it with no warning and a scan of the files from teamcity didn't find anything.
Is there a possibility that the version hosted here is compromised?