is it normal for windows defender to flag a file in the zpool gui miner as a trojan, or do I have a bigger issue?
This is a false positive and it depends on your AV as to if it attempts to block it or not. I only use windows defender for testing and it does flag ccminer_polytimos as a virus but it is also a false positive so I just restore it. I would replace it if it was not the fasted for many algos.