3 Apprentice


15.2K Posts


September 4th, 2022 04:00

Behavior:Win32/Hive.ZY - **CONFIRMED** false positive 9/4/22

[EDIT:  Confirmation from Microsoft cited lower in this thread...]

I was surprised when Windows Defender suddenly alerted me that a "serious" threat had been detected on my computer, as I do my best to keep it "squeaky clean", and nothing was detected yesterday.

Unfortunately, the only information it gave me was the threat's "name", Behavior:Win32/Hive.ZY (and a process id#)... it did NOT indicate any particular file(s) where this allegedly was found, so I was unable to investigate/test further.

All I could find out officially was that "This generic detection for suspicious behaviors is designed to catch potentially malicious files".

"Generic", "suspicious" and "potentially" tended to confirm my belief that this was a false positive.

I then did a web search, and saw that MANY (hundreds?  thousands??) people started experiencing this today... in particular:

How can I stop Win32/Hive.ZY to try and get around windows - Microsoft Community: this "Hive.ZY" threat pop-up shows up anytime a Chromium-based application is launched. This means Chrome, Edge, and any Electron-based apps like VS Code.

Behavior:Win32/Hive.ZY : antivirus (reddit.com): If you got this threat, "Behavior:Win32/Hive.ZY", it's a false positive. You will be notified by Windows Security that you got this threat whenever you open trusted Electron-based apps; to avoid this, don't update Windows until this problem is solved.

I *did* have EDGE open when the threat was detected.

I have "told" Defender to ALLOW this "threat".

EDIT: Some sources allege that this F/P began with Defender's Definition/Update Version 1.373.1508.0 (and has yet to be fixed despite several subsequent updates).

Community Manager


54.3K Posts

September 6th, 2022 05:00

Correct.

The PC and operating system are fine. Microsoft addressed the false positive with Windows Defender update 1537.

* Search for Windows Security in Windows Search
* Navigate to Virus & Threat protection
* Check for updates
* Reboot

3 Apprentice


15.2K Posts

September 4th, 2022 13:00

Finally, we have acknowledgement/confirmation from Microsoft, albeit indicating "a fix which will be published within the next few hours".
Microsoft confirms Behavior:Win32/Hive.ZY false error in Windows Defender (windowslatest.com)

1 Rookie


5.8K Posts

September 4th, 2022 18:00

By coincidence, ky, today was to be "patch day" for my 5 Windows systems connected to the internet. Three of those systems were quite in arrears for both Windows updates, and Windows Defender updates, having been turned off for some weeks. All however were running Windows 10, with Windows Defender/Security as my default security.

Prior to updating any of my systems, I ran a WD quick scan which found nothing. I opened my default browser (Edge) and surfed with no problems. (I understand Edge has been included as a vulnerable browser, due to some elements of Chrome included).

After updating all Windows Systems to Win 21H2 latest version (a painful and prolonged process, but I digress), again I could not replicate the issue described using the Edge browser.

As you probably know, it is my habit to delay installing monthly Windows patches by 7-30 days. I do not, however, delay installation of any Windows Defender definitions. All my systems also use Malwarebytes Premium real-time protection, except for one older laptop. I'm not sure what to make of all this, but can't help wondering if the false positive wasn't due to a recent Windows patch, rather than a false positive in Windows Security.

Many thanks for alerting so many to this glitch!

1 Message

September 5th, 2022 00:00

I am also experiencing this issue (Windows 10 Pro user).

But not experiencing it on my laptop with exactly the same setup.

Hoping we get a fix from Microsoft soon!

3 Apprentice


15.2K Posts

September 5th, 2022 04:00

The fix is [allegedly] rolling out with definitions version: 1.373.1537.0 or higher.   

A reboot is recommended [to be sure that update is actually invoked].
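The check described in this thread, as an added PowerShell example that is not part of any post above: it compares the installed Defender definitions against the 1.373.1537.0 version quoted in the thread, requests an update if they are older, and lists recorded detections of Behavior:Win32/Hive.ZY along with any per-threat action override left behind. It assumes the built-in Defender cmdlets are available in an elevated session and that an "Allow" chosen in Windows Security appears in the per-threat default actions; the function name `Test-SignatureFixed` is hypothetical.

```powershell
# Added example. The fixed version and threat name are the ones quoted in the thread.
$FixedVersion = [version]'1.373.1537.0'
$ThreatName   = 'Behavior:Win32/Hive.ZY'

function Test-SignatureFixed {
    param([version]$Installed, [version]$Required)
    # [version] compares each field numerically, so 1.373.999.0 sorts below 1.373.1537.0
    return $Installed -ge $Required
}

$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
Write-Output "Installed definitions: $installed (updated $($status.AntivirusSignatureLastUpdated))"

if (-not (Test-SignatureFixed -Installed $installed -Required $FixedVersion)) {
    Write-Output "Below $FixedVersion, requesting a definition update..."
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Output "Definitions after update: $installed"
}

# Map the detection name to its numeric threat ID, then list when and for which process it fired
$threat = Get-MpThreat | Where-Object ThreatName -eq $ThreatName
if ($threat) {
    Get-MpThreatDetection |
        Where-Object ThreatID -in $threat.ThreatID |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources |
        Format-Table -AutoSize

    # Assumption: an "Allow" set while the false positive was live is stored as a
    # per-threat default action and persists after the fix, so surface it for review.
    $pref = Get-MpPreference
    if ($pref.ThreatIDDefaultAction_Ids) {
        $ids     = @($pref.ThreatIDDefaultAction_Ids)
        $actions = @($pref.ThreatIDDefaultAction_Actions)
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -in $threat.ThreatID) {
                Write-Output "Per-threat action override still set for ID $($ids[$i]): action $($actions[$i])"
            }
        }
    }
} else {
    Write-Output "No recorded detection named $ThreatName on this machine."
}
```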
