What is Behavior:Win32/Hive.ZY?
Microsoft has released a virus signature update that misidentified Google Chrome, Microsoft Edge and other browsers based on the Chromium engine, as well as Discord, WhatsApp and other applications based on Electron as “Behavior:Win32/Hive.ZY”. This problem was first noticed on Sunday morning after Microsoft made available the 1.373.1508.0 signature update, which among other things included a description of two new threats, including Win32/Hive.ZY.
Behavior:Win32/Hive.ZY in detail
If you go to Microsoft’s website, the Win32/Hive.ZY threat is described as “This generic detection for suspicious behaviors is designed to catch potentially malicious files. If you downloaded a file or received it through email, ensure that it is from a reliable source before opening it.”.
Based on posts on the public forums, this update has already been installed on many computers. Many users have reported that Windows Defender detects Win32/Hive.ZY every time they open a browser or Electron-based applications.
The “Behavior:Win32/Hive.ZY” warning can be ignored as it is a false positive. That it identifies your device as infected is a bug. Therefore, every time a warning about the Win32/Hive.ZY virus appears on the screen, it can be ignored.
Full text of the “Behavior:Win32/Hive.ZY” warning is:
Detected: Behavior:Win32/Hive.ZY Status: Removed A threat or app was removed from this device.
Details: This program is dangerous and executes commands from an attacker.
Since Microsoft released update 1.373.1508.0, two more have been released, the latest being 1.373.1518.0. Despite this, users continue to complain that Windows Defender detects Win32/Hive.ZY. Since this problem has affected Windows users from all over the world, it is likely that Microsoft will soon release a new update that will completely solve the described problem.
How to Fix “Behavior:Win32/Hive.ZY”
If you have Windows Automatic Updates enabled, then the update fixing the “Win32/Hive.ZY” problem will install as soon as it becomes available. Also, you can check for new Security intelligence updates.
To install the latest Windows Defender update, Windows users need to search, open Windows Security from the Start menu, and select “Virus & Threat Protection”. Here, click “Check for updates” under Virus & threat protection updates.
Usually, after installing Windows Defender updates, a reboot is not necessary, but to be sure, it can be useful to restart Windows after installing a new update. After a reboot, you can check if it fixes the false positive and the Win32/Hive.ZY detection.
At the moment, Microsoft has announced that it has released a new update aimed at solving this problem. All customers using Windows Automatic Updates do not need to take any additional action.
If you were unable to update Windows Defender using the steps above, then there is a way to manually update Windows Defender by clicking one of the following links.
As mentioned above, this issue has been fixed in version 1.373.1537.0. However, several more have been released since this update, so your version may show up as 1.373.1567.0 or later.