Microsoft Defender “Behavior:Win32/Hive.ZY” false-positive threat is finally over

If you saw the alarming Microsoft Defender false positive this week, in which Behavior:Win32/Hive.ZY was reported as a “severe” threat, it should be over now: Microsoft has released an update to resolve it.

The issue was first noticed on Sunday when Microsoft introduced the Defender signature update 1.373.1508.0, which presented two threat detections, including Behavior:Win32/Hive.ZY. Microsoft said “this generic detection for suspicious behaviors is designed to catch potentially malicious files.” However, it caused confusion among users when Defender flagged Google Chrome, Microsoft Edge, Discord, and other Electron-based apps (WhatsApp, Spotify, etc.) as Win32/Hive.ZY whenever they were launched. Thankfully, the alarm is a false positive, meaning the detection does not indicate an infected system.

Microsoft has already rolled out the Microsoft Defender security intelligence update version 1.373.1537.0, which should remove the Win32/Hive.ZY false positive being experienced by users. The fix should be available for everyone now, and if you are using automatic updates for Microsoft Defender, additional actions might be unnecessary.
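
To confirm a machine actually has the fixed definitions instead of assuming automatic updates ran, the following PowerShell check (an added example, not from Microsoft or the original article) compares the installed security intelligence version with 1.373.1537.0 and lists any recorded detections of the false-positive name. It uses the Defender module cmdlets `Get-MpComputerStatus`, `Update-MpSignature`, `Get-MpThreat` and `Get-MpThreatDetection`, and assumes the threat is recorded under the exact name shown in the article; run it from an elevated prompt.

```powershell
# Added example. The version number and threat name come from the article;
# the exact-match on ThreatName is an assumption about how it is recorded.
$FixedVersion = [version]'1.373.1537.0'
$ThreatName   = 'Behavior:Win32/Hive.ZY'

function Get-SignatureVersion {
    # Security intelligence (definition) version currently loaded by Defender.
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

$installed = Get-SignatureVersion
Write-Host "Installed security intelligence: $installed"

if ($installed -lt $FixedVersion) {
    Write-Host "Older than $FixedVersion, requesting a definition update..."
    Update-MpSignature
    $installed = Get-SignatureVersion
}

if ($installed -ge $FixedVersion) {
    Write-Host "OK: $installed is at or above the fixed version $FixedVersion."
} else {
    Write-Warning "Still on $installed; the update did not apply."
}

# Show what Defender recorded under the false-positive name, and whether each
# detection happened before or after the current definitions were installed.
$threat = Get-MpThreat | Where-Object ThreatName -eq $ThreatName
if ($threat) {
    $updated = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threat.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName,
            @{ n = 'AfterUpdate'; e = { $_.InitialDetectionTime -gt $updated } },
            @{ n = 'Resources';   e = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize -Wrap
} else {
    Write-Host "No $ThreatName detections recorded on this machine."
}
```

Detections dated before the definition update match the false positive described above; a row with `AfterUpdate` set to True on a machine already at the fixed version is not explained by it and is worth a closer look.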
