It appears that today, Jun 15, 2022, Cisco AMP for Endpoints detects syncthing.exe as Malicious, the SHA-256 detection is 86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844. It’s being detected with these signatures: W32.File.MalParent, and W32.86F427BC94-100.SBX.TG.
I’m going to declare it whitelisted and force AMP to put it back. Just wanted you all to know. Thanks!