GData Internet Security flags up files written to the cache, whether using this package or not.

GData considers the files to be trojans.

I wonder if it is the application/octet-stream MIME type still present in the file?

It could be, however I am not sure how to bypass that. I can change the application/octet-stream MIME type that is saved in the browser's cache, I do not know however if that is wise or if that it will fix this issue.

In any case it must be investigated more.

Without using the cache in service-worker the package seems to work for me (at first sight) with GData Internet Security.
No, it does not :(

There is a new beta version (1.7.1-beta) of this package that should take care of this problem. It replaces the default Blazor caching with a custom one that stores the obfuscated files in the cache instead of the unobfuscated ones.

Could you give it a try and see if it works for you?

This is now released in version 1.7.1 and should be solving this issue. Cheers!

Yes, I can confirm it works for us, thanks!

For clarity, as this replaces the default Blazor caching, should BlazorCacheBootResources be true or false?

It should be true unless you want to disable it. It behaves as the default Blazor caching would.
If you add the <BlazorCacheBootResources>false</BlazorCacheBootResources> then the custom caching is disabled (just as the default one would).