Microsoft releases a fix for the Behavior:Win32/Hive.ZY error in Windows Defender

A Microsoft official confirmed widespread reports of Google Chrome, Chromium Edge, Discord, and several other apps being marked as “Behavior: Win32/Hive.ZY” by Microsoft’s built-in antivirus ‘Windows Defender’. In a statement, the tech giant confirmed that it is working on a solution that will be rolled out to everyone in the next few hours.

So what exactly is “Behavior:Win32/Hive.ZY”? According to a document published on the Microsoft security portal, any file marked “Behavior:Win32/Hive.ZY” is a threat that exhibits suspicious behavior. The label is used to flag potentially malicious files, especially files downloaded via email.

The detection appears to have been added with Defender version 1.373.1508.0. Apps could be flagged as malicious by the following products:

  • Microsoft Defender Antivirus for Windows 10, Windows 11, and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista.
  • Microsoft Security Scanner.

Microsoft confirmed to us that this activity is a false positive, but it is still a problem for companies like Google and Discord, as customers are apparently reaching out to their support.

Reports we have seen show that affected users are automatically shown the aforementioned error during regular Defender scans.

“Docker Desktop downloaded from their site or installed via WinGet reports “Behavior: Win32/Hive.ZY” as of this morning’s security update. This prevents Docker Desktop from updating via WinGet or the internal application update option, and results in many, many, many false warnings,” noted one of the affected users.

In our tests, we found that Windows Defender on both Windows 10 and Windows 11 flags Chromium-based apps and others like Discord as “Win32/Hive.ZY.” If you are affected, you can easily reproduce the error if you kill all processes for Edge, Chrome, or whatever triggers it and launch the app again.

If the app continues to run in the background, the error will reappear over time.

“The alert appears when opening a new page in Chrome, but not all. Even for when I click More info in protection history. It started happening today, probably after a Windows Defender update. The culprit is always one of Chrome’s PIDs,” another user noted.

Microsoft releases fix for Behavior:Win32/Hive.ZY

There is not much you can do to fix Windows Defender false positive errors as they can only be patched via a server-side update from Microsoft. Fortunately, Microsoft officials told us that they have already begun investigating the issue and a possible fix has been released.

The fix is being deployed with version 1.373.1537.0. To fix Behavior:Win32/Hive.ZY, follow these steps:

  1. Search for ‘Windows Security’ in Windows Search.
  2. Go to Protection against viruses and threats.
  3. Search for updates.
  4. Restart.
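
The same check and update can be scripted with the Defender PowerShell module. This is an added example, not something from Microsoft or the original article; it assumes the two version numbers quoted above are the security intelligence version that `Get-MpComputerStatus` reports as `AntivirusSignatureVersion`, and `Test-HiveZyAffected` is a hypothetical helper name.

```powershell
# Added example. Version numbers are the ones quoted in the article.
$FirstAffected = [version]'1.373.1508.0'   # version where the detection reportedly appeared
$FixedVersion  = [version]'1.373.1537.0'   # version the fix is being deployed with
$ThreatName    = 'Behavior:Win32/Hive.ZY'

function Test-HiveZyAffected {
    # Hypothetical helper: true when a signature version is at or above the
    # first affected version and still below the fixed one.
    param([Parameter(Mandatory)][version]$SignatureVersion)
    return ($SignatureVersion -ge $FirstAffected -and $SignatureVersion -lt $FixedVersion)
}

# Assumption: AntivirusSignatureVersion is the version the article refers to.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Current signature version: $current"

if (Test-HiveZyAffected -SignatureVersion $current) {
    Write-Host 'Signature version is in the affected range; requesting an update...'
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Host "Signature version after update: $current"
}

if ($current -lt $FixedVersion) {
    Write-Warning "Still below $FixedVersion; the fix has not reached this machine yet."
}

# Show when the false-positive detections fired and which process was blamed,
# so you can confirm that no new ones appear after the update.
$hive = Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName }
if ($hive) {
    $ids = @($hive.ThreatID)
    Get-MpThreatDetection |
        Where-Object { $ids -contains $_.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources
} else {
    Write-Host "No $ThreatName detections recorded on this machine."
}
```

Run it from an elevated PowerShell session; detections timestamped before the update will remain in the history, so compare `InitialDetectionTime` against the time the update was applied.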
