- Windows Defender is warning people with “Threat detected” alerts for “Behavior:Win32/Hive.ZY”.
- The issue is related to Microsoft’s recent Defender definition update files, which are producing false detections.
- The trigger appears to be associated with Defender detecting “Electron- or Chromium-based applications” as malware.
- Microsoft will patch/update Microsoft Defender to mitigate the issue.
Update #1 (1:50 PM ET): Microsoft support forums indicate that the Defender team is looking into this and will be releasing a patch soon.
Microsoft Defender’s database list (or even Windows Update) is wreaking havoc on people’s Windows PCs this morning.
People on Reddit are reporting not just threats flagged by Microsoft Defender, but threats that keep popping up and recurring even though they are blocked.
The threat Behavior:Win32/Hive.ZY is detected and marked as Critical. However, even after taking steps to fix the issue, it persists and users continue to receive the same prompt. The alert may return after 20 seconds, and the cycle repeats endlessly.
I have a problem on one PC. See screenshot below.
The actual threat is only noted as “This generic detection for suspicious behavior is designed to detect potentially malicious files.”
Luckily, if you encounter this problem, your computer is virus-free and malware-free. This detection appears to be a false positive: according to the Microsoft support forum, the activity is incorrectly reported as dangerous in Microsoft Defender’s database listings.
From independent advisor DaveM121:
“This appears to be a false positive. It’s a bug reported by hundreds of people right now. It seems to be related to all Chromium-based web browsers and Electron-based apps like WhatsApp, Discord, Spotify, etc.”
“This is an evolving situation with no official announcement from Microsoft yet, but appears to be caused by Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.373.1508.0).”
What users experiencing this issue have in common is the use of “Electron- or Chromium-based applications”, including anything that runs Google Chrome, Microsoft Edge, and Visual Studio Code.
The problem seems to come from Defender definitions update version 1.373.1508.0. This means that Microsoft needs to update that file and fix the problem.
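To see whether a given PC is running the definitions version named above and which applications keep triggering the alert, the following PowerShell triage script can be run locally. It is an added example, not code from this article or from Microsoft, and it assumes the Defender PowerShell cmdlets that ship with Windows are available.

```powershell
# Added triage example; not from the article or from Microsoft.
# Assumes the built-in Defender module (Get-MpComputerStatus, Get-MpThreat,
# Get-MpThreatDetection) is present. Both values below come from the article.
$ReportedVersion = [version]'1.373.1508.0'
$DetectionName   = 'Behavior:Win32/Hive.ZY'

# 1. Which security intelligence (definitions) version is installed?
$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
[pscustomobject]@{
    InstalledVersion  = $installed
    LastUpdated       = $status.AntivirusSignatureLastUpdated
    IsReportedVersion = ($installed -eq $ReportedVersion)
}

# 2. Detection history is keyed by threat ID, so resolve the name first.
$threatIds = @(Get-MpThreat |
    Where-Object ThreatName -eq $DetectionName |
    Select-Object -ExpandProperty ThreatID)

$hits = @(Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $threatIds })

if (-not $hits) {
    "No recorded detections of $DetectionName on this machine."
    return
}

# 3. Group by process: a recurring alert shows up as a high count for the
#    same application between the first and last detection times.
$hits | Group-Object ProcessName | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { ($_.Group.InitialDetectionTime |
                               Measure-Object -Minimum).Minimum } },
        @{ n = 'Last';  e = { ($_.Group.InitialDetectionTime |
                               Measure-Object -Maximum).Maximum } }
```

Rerunning the first step after Defender next updates its definitions shows whether the installed version has moved off the one reported here.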
So far, Microsoft has not publicly commented on this issue. This is because it is a holiday weekend in the US. Additional delays may occur before updates are pushed to millions of potentially affected computers.
We will update this article accordingly with any new solutions or comments from Microsoft.