On September 5, 2022, a listing in Microsoft’s Windows Defender database showed multiple threats appearing on Windows PCs. Even when blocked, the Behavior:Win32/Hive.ZY threat reappears and confirms that “Microsoft Defender Antivirus found threats.”
Although the threat is listed in Windows Defender as “serious”, it is actually a false positive. And shortly after the issue surfaced, Microsoft released a security intelligence update that prevents the alerts from appearing. While not all users are affected, if your device displays this alert, here’s how to fix it.
Users affected by the behavior:Win32/Hive.ZY
You may notice, when opening certain applications, that they are marked as Behavior: Win32/Hive.ZY by Windows Defender. Affected apps include Google Chrome and Chromium Edge, as well as Electron-based apps like WhatsApp, Discord, and Spotify.
For example, if you open a new Chrome window (note that this does not happen when you open a new tab), the threat will appear in the bottom right corner of your Windows PC or laptop.
Users who click the notification will see Windows Defender flag the threat as serious, with the option to Remove either Allow on device.
If you select Remove and then click start actionsyou will notice that the next time you open one of the affected applications, the threat will reappear.
Microsoft confirms that Behavior: Win32/Hive.ZY is a false positive
Many Windows 10/11 users turned to Microsoft forums for answers. DaveM121, an independent Microsoft consultant, confirmed in response to a Microsoft Answers question:
This appears to be a false positive, it’s a bug that hundreds of people are currently reporting.
For your peace of mind, users experiencing this issue are not at risk and their devices are not infected by any type of virus. The issue is said to have originated from the security intelligence version of Windows Defender. 1.373.1508.0.
How to fix the behavior: Win32/Hive.ZY alert
After many reports of the Behavior:Win32/Hive.ZY alert appeared, Microsoft issued a simple fix to resolve the issue.
- Press the Windows logo on your keyboard and type Settings.
- navigate to Privacy & Security > Open Windows Security.
- Click on Protection against viruses and threats.
- Select Protection updates from the menu and then click Search for updates.
If you can’t see the update when you follow the steps above, you can manually update Windows Defender by clicking one of the links below.
The fix for this issue was implemented with version 1.373.1537.0. However, since then there has been another update to Windows Defender, so your version may be listed as version 1.373.1567.0 or later.
Windows Defender has a history of false positives
While there is now a fix to the issue some users were experiencing with Windows Defender, this isn’t the first false positive that Microsoft has pointed to as the culprit in 2022. In April, Defender flagged a Google Chrome update as bad, upsetting many people. in the process.
The good news is that Microsoft fixes any potential problems very quickly. Windows users should continue to check for operating system updates as well as security intelligence updates to ensure their devices are protected.