- Windows Defender warns people of a “threat detected” for “Behavior:Win32/Hive.ZY”
- The problem is tied to a new listing in Microsoft’s Defender update file that made a false detection.
- Trigger appears to depend on Defender “detecting Electron-based or Chromium-based apps as malware”
- Microsoft is expected to patch/update Microsoft Defender to mitigate the issue
Update #1 (01:50PM ET): According to Microsoft support forums, the Defender Team has stated that they are investigating this and hopefully will release a patch for it soon.
Update #2: (19:50 PM ET): According to the Microsoft support forums, “Indications from a Microsoft Agent, a hotfix has been released (Version: 1.373.1537.0)”
In Windows 10/11, select Check for updates on the Windows Security Virus & threat protection screen to check for the latest updates.
Offline installers are available at these links:
64-bit downloads
https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64 (opens in new tab)
32bit Download:
https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86 (opens in new tab)
This morning, a listing in Microsoft Defender’s database (or even Windows Update) is wreaking havoc on people’s Windows computers.
People reddit They are “going crazy” over not just a reported threat from Microsoft Defender, but a recurring and emerging threat despite the alleged threat being blocked.
The threat”Behavior: Win32/Hive.ZY” is detected and listed as “severe”. However, after taking action to fix the problem, the problem does not go away and the user continues to receive the same prompt. The reminder may return after 20 seconds, repeating the loop. Forever.
We had the problem on a computer; see screenshots below.
The actual threat is only listed as “This generic detection for suspicious behavior is designed to catch potentially malicious files”.
The good news is that if you are experiencing this problem, your computer is not infected with any viruses or malware. According to one study, this perception seems like a false positive. Microsoft Support forum (opens in new tab)where a list in Microsoft Defender’s database falsely reports the activity as dangerous.
From Independent Consultant DaveM121:
“This appears to be a false positive, a bug reported by hundreds of people right now, it seems to be related to all Chromium-based web browsers and Electron-based apps like Whatsapp, Discord, Spotify.”
“This is an evolving situation with no official statement yet from Microsoft, but it appears to be due to the Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.373.1508.0)”
A common issue among users experiencing this issue is using “Electron-based or Chromium-based apps” including Google Chrome, Microsoft Edge, and anything else running Visual Studio Code.
The problem seems to be caused by Defender Definition/Update Version 1.373.1508.0It means that Microsoft needs to update this file and the problem should be resolved.
So far, Microsoft has not made a public statement about the issue as it is a holiday weekend in the United States. There may be a long delay before the update is sent to the millions of computers that are likely to be affected.
If there are new solutions or comments from Microsoft, we will update this article accordingly.
