Windows Defender is reporting a false-positive threat 'Behavior:Win32/Hive.ZY'; it's nothing to be worried about - Windows Central

Microsoft Defender
(Image credit: Daniel Rubino)
  • Windows Defender is alerting people of a "threat detected" for "Behavior:Win32/Hive.ZY"
  • The issue is tied to a new listing in Microsoft's Defender update file, which is making an incorrect detection
  • The trigger seems tied to Defender detecting "Electron-based or Chromium-based applications as malware"
  • Microsoft is expected to patch/update Microsoft Defender to alleviate the issue

Update #1 (1:50 PM ET): According to the Microsoft support forums, the Defender Team indicated they are investigating this and will hopefully release a patch for this soon.


This morning, a listing in Microsoft Defender's database (or even Windows Update) is causing havoc on people's Windows PCs.

People on Reddit are "freaking out" over not just a reported threat from Microsoft Defender but one that keeps popping up and recurring despite the alleged threat being blocked.

The threat is revealed in a pop-up message noting that "Behavior:Win32/Hive.ZY" has been detected and is listed as "severe." However, after taking action to rectify the issue, it does not go away, and the user will keep receiving the same prompt. The reminder may return after 20 seconds, with the cycle repeating endlessly.

We experienced the issue on one PC; see the screenshots below.

(Image credit: Daniel Rubino)

The actual threat is only noted as "This generic detection for suspicious behaviors is designed to catch potentially malicious files."

The good news is that your computer, should you be experiencing this problem, is not infected with any virus or malware. This detection appears to be a false positive, according to a Microsoft Support forum, where a listing in Microsoft Defender's database incorrectly reports activity as dangerous.

From DaveM121, an Independent Advisor:

"This does look to be a false positive, it is a bug currently being reported by hundreds of people at the moment, it seems to be related to all Chromium based web browsers and Electron based apps like Whatsapp, Discord, Spotify...etc."

"This is an evolving situation with no official word from Microsoft yet, but seems to be caused by Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.1508.0)"

The common thread among users experiencing this problem is the use of "Electron-based or Chromium-based applications," including Google Chrome, Microsoft Edge, and anything that runs Visual Studio Code.

The problem seems to originate from Defender's Definition/Update Version 1.373.1508.0, meaning Microsoft needs to update that file, and the issue should be resolved.
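
To check a given PC against the details above, the following PowerShell triage is an added example, not part of the original article or any Microsoft guidance. It assumes the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpThreat, Get-MpThreatDetection) are available; the version number and threat name are the ones quoted in this article.

```powershell
# Added example: triage for the false positive described in this article.
# Values below are taken from the article text.
$AffectedVersion = [version]'1.373.1508.0'
$ThreatName      = 'Behavior:Win32/Hive.ZY'

# 1. Which security intelligence (definition) version is installed?
$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion

[pscustomobject]@{
    SignatureVersion  = $current
    SignatureUpdated  = $status.AntivirusSignatureLastUpdated
    OnAffectedVersion = ($current -eq $AffectedVersion)
} | Format-List

# 2. Has this machine recorded the detection named in the article?
$threatIds = @(Get-MpThreat |
    Where-Object ThreatName -eq $ThreatName |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Output "No '$ThreatName' entries in the Defender threat history."
}
else {
    # 3. List each detection with the process Defender attributed it to,
    #    so it can be compared with the Chromium/Electron apps in use.
    $detections = @(Get-MpThreatDetection |
        Where-Object { $threatIds -contains $_.ThreatID } |
        Sort-Object InitialDetectionTime)

    $detections |
        Select-Object InitialDetectionTime, ProcessName, Resources |
        Format-List

    # A short gap between repeats matches the recurring prompt described above.
    Write-Output ("{0} detection(s) of '{1}' recorded." -f $detections.Count, $ThreatName)
}
```

Once a corrected definition is available, running `Update-MpSignature` and then re-running the script shows whether the installed version has moved past the one named here.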

So far, Microsoft has not publicly commented on the problem as it is a holiday weekend in the United States. There could be an extended delay in getting the update pushed out to millions of likely affected computers.

We'll update this article accordingly if there are any new solutions or comments from Microsoft.

Daniel Rubino is the Executive Editor of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft here since 2007, back when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and arguing with people on the internet.
