- Windows Defender is alerting people with a “Behavior: Win32/Hive.ZY” “threat detected” message.
- The problem is related to a bug in a recent listing in Microsoft’s Defender update file.
- The trigger appears to be Defender detecting “Electron-based or Chrome-based apps as malware.”
- Microsoft is expected to patch/update Microsoft Defender to fix the problem.
Update #1 (1:50 p.m. ET): According to the Microsoft support forums, the Defender team says it is looking into this and hopes to release a patch for it soon.
Update #2 (7:50 p.m. ET): According to the Microsoft support forums, “Hints from a Microsoft agent are that there is a fix (Version: 1.373.1537.0).”
To check for the latest updates in Windows 10/11, select Check for updates on the Virus & threat protection screen in Windows Security.
Offline installers are available from these links:
64-bit download:
https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64
32-bit download:
https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86
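To run the same check from PowerShell, this added example (not from Microsoft or the original article) reads the installed definition version with the built-in Defender cmdlets and compares it with the two versions quoted in this article. Treating every version between those two as affected is an assumption, and the function name is made up for the example.

```powershell
# Added example. Version numbers are the ones quoted in this article.
$affected = [version]'1.373.1508.0'   # definition version the article ties to the false positive
$fixed    = [version]'1.373.1537.0'   # version the support forum reports as carrying the fix

function Get-HiveZyTriage {   # hypothetical helper name
    $status  = Get-MpComputerStatus
    $current = [version]$status.AntivirusSignatureVersion

    # Event ID 1116 in the Defender operational log records a detection.
    $hits = @(Get-WinEvent -FilterHashtable @{
                LogName = 'Microsoft-Windows-Windows Defender/Operational'
                Id      = 1116
            } -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match 'Hive\.ZY' })

    # Assumption: versions from the affected one up to (not including) the fix behave the same.
    $state = if ($current -ge $fixed)        { 'AtOrPastReportedFix' }
             elseif ($current -ge $affected) { 'InReportedAffectedRange' }
             else                            { 'OlderThanAffected' }

    [pscustomobject]@{
        SignatureVersion = $current
        LastUpdated      = $status.AntivirusSignatureLastUpdated
        HiveZyDetections = $hits.Count
        LatestDetection  = ($hits | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        State            = $state
    }
}

$triage = Get-HiveZyTriage
$triage | Format-List

if ($triage.State -eq 'InReportedAffectedRange') {
    # Pull current definitions, then confirm the version actually moved.
    Update-MpSignature
    (Get-MpComputerStatus).AntivirusSignatureVersion
}
```

If `LatestDetection` is later than `LastUpdated` on a machine already at or past the fixed version, treat that alert as a real detection rather than as this false positive.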
This morning, a listing in Microsoft Defender’s database (or even Windows Update) is wreaking havoc on people’s Windows computers.
People on Reddit say they are “freaked out” not only by the threat reported by Microsoft Defender, but also because it keeps popping up and recurring despite the supposed threat being blocked.
The pop-up message states that “Behavior: Win32/Hive.ZY” was detected and lists it as “severe”. However, after the user takes action to fix the problem, it does not go away and the user continues to receive the same notification. The reminder may return after 20 seconds, and the cycle repeats indefinitely.
We experienced the problem on a PC; see screenshots below.
The threat is currently described only as “This general detection for suspicious behavior is intended to catch potentially malicious files.”
The good news is that if you experience this problem, your computer is not infected with any virus or malware. According to a Microsoft support forum thread, this detection appears to be a false positive, where the listing in Microsoft Defender’s database incorrectly states that the activity is dangerous.
From Independent Consultant DaveM121:
“This seems to be a false positive, it’s a bug reported by hundreds of people right now, it seems to affect all Chromium-based web browsers and Electron-based apps like WhatsApp, Discord, Spotify… etc.”
“This is a developing situation with no official word from Microsoft yet, but it appears Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.373.1508.0)”
A common thread among users experiencing this issue is the use of “Electron-based or Chrome-based applications,” including Google Chrome, Microsoft Edge, and anything that runs Visual Studio Code.
It seems that the problem is caused by Defender definition/update version 1.373.1508.0; that is, Microsoft should update that file and the problem should be resolved.
As it is a holiday weekend in the US, Microsoft has not yet commented on the problem. There may be an extended delay in the delivery of the update to the millions of affected computers.
If there are any new solutions or comments from Microsoft, we will update this article accordingly.