It seems that almost all Windows users are facing an unknown threat, “Behavior:Win32/Hive.ZY”, reported by Microsoft Defender on their PCs. Multiple users from across the world reported what appears to be a Microsoft Defender false positive. In the early hours of 4th September 2022, users from Spain, Malaysia, the USA, Ukraine, and other countries reported the issue.
Just 2 hours ago, a user by the name of “u/tooshiftyfouryou” took to Reddit to talk about a major error shown by their PC. The user stated that Windows Defender on their PC had detected a threat named “Behavior:Win32/Hive.ZY”. However, the notification was quick to disappear. Nevertheless, a mere 20 seconds later, the notification reappeared, only to disappear again soon after. The user panicked and shut down their PC for fear of a hack or malware problem. u/tooshiftyfouryou stated, “I have no idea what this is, what do I do, scared to turn on PC.”
Multiple Reddit users were quick to comment on the post, stating that they faced the same issue. Initially, many presumed that it might be a bug within Windows Defender. A user with the Reddit handle Appsolly commented, “Every time I open my browser the threat “Behavior:Win32/Hive.ZY” pops up, I think you might be right.” Another user stated that each time they opened Steam, Razer Central, or Spotify, they faced the same issue.
Furthermore, reportedly multiple other sites such as Warframe, Steam, and Epic Games also showed the same threat. The sudden and unknown threat faced by multiple users simultaneously led them to instantly turn off their PCs. They then turned to Reddit for help.
Users also took to the comment section to suggest that this may be an issue specific to Chromium-based applications. Applications such as Discord, Spotify, and Chrome, which are all Chromium-based, seem to face the same issue.
A Reddit user with the handle “jamdana” claimed that the issue was specifically related to Chromium apps (the browser on which Edge and Brave are based). The user also stated that any application that uses an embedded browser could trigger a similar alert from Windows Defender.
After narrowing it down to Chromium-based apps, some users also claimed that “Behavior:Win32/Hive.ZY” may simply be a false positive and that there was no need to worry. However, users only breathed a sigh of relief when Microsoft’s official Discord channel took notice of the issue. The company released a Tech Support Update on its Discord channel. It claimed that Defender’s database saw Electron-based or Chromium-based apps as foreign malware because of an entry in the virus databases. However, the tech giant assured its users that they do not need to stress over this issue and that it would soon be fixed.
User “Apptils Horray” went to the official Microsoft help center on their website to explain the issue. After explaining the issue, the user claimed that they tried to do an offline scan. Unfortunately, that was not of any help either. “Apptils Horray” also claimed that while Malwarebytes did get rid of the notification, it does not seem to solve the problem. Regarding Malwarebytes, the user stated, “I expect it’s doing the exact same thing as Windows Defender and catching it every time, just not telling me about it.”
Luckily, the Microsoft help team was quick to respond to the issue. Dave from Microsoft replied to Apptils’ claim. Dave explained that the error was nothing more than a false positive and that multiple other users had reported the same issue. He further confirmed that the issue was specific to Chromium-based web browsers. According to Dave from Microsoft, the issue may be triggered by a Windows or a web browser update.
The user u/tooshiftyfouryou, who was the first to report the issue, attached a link to the Microsoft query in their updated Reddit post.
Preventive Measures To Avoid The Windows Defender False Positive “Behavior:Win32/Hive.ZY”
As countless users faced the same issue of Windows Defender False Positive, many wished to know how to fix or avoid the potential issue. In this regard, Reddit users again came together to help their community.
A user by the Reddit handle of “My-Secret-Love” took to the comments section to explain the threat. The user claimed that it was linked to the Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.373.1508.0). Seemingly, the update was what triggered the problem.
My-Secret-Love also told users how to tackle the issue. To avoid the error, users should simply head to Windows Security – Protection history – Threat blocked – Actions and allow it. However, this must only be done for specific applications that users are sure pose no threat.
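Before allowing anything, it helps to confirm which security intelligence version is installed and which processes actually triggered the alert. The following PowerShell is an added example, not part of the original article or of Microsoft's guidance; it assumes an elevated PowerShell session on a machine with the built-in Defender cmdlets, and it takes the version string and threat name from the text above.

```powershell
# Added example: triage the "Behavior:Win32/Hive.ZY" alerts before allowing them.
# Assumption: run from an elevated PowerShell prompt with the Defender module present.

# Values taken from this article.
$ReportedVersion = '1.373.1508.0'
$ThreatName      = 'Behavior:Win32/Hive.ZY'

# 1. Which security intelligence (signature) version is installed right now?
$status = Get-MpComputerStatus
[pscustomobject]@{
    InstalledSignatureVersion = $status.AntivirusSignatureVersion
    SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
    MatchesReportedVersion    = ($status.AntivirusSignatureVersion -eq $ReportedVersion)
} | Format-List

# 2. Look up the threat catalog entries with this name in Defender's history.
$threatIds = @(Get-MpThreat |
    Where-Object { $_.ThreatName -eq $ThreatName } |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Output "No '$ThreatName' entries in Defender's threat history on this machine."
}
else {
    # 3. Pull the individual detections that reference those threat IDs.
    $detections = @(Get-MpThreatDetection |
        Where-Object { $threatIds -contains $_.ThreatID })

    # 4. Show when each detection fired and which process and resources were involved,
    #    so only applications you recognise are allowed in Protection history.
    $detections |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName,
            @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize -Wrap

    # 5. Summarise detections per process to spot anything unexpected.
    $detections |
        Group-Object ProcessName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

If the per-process summary lists only applications you installed and recognise, that is consistent with the false-positive reports described here; an unfamiliar process name is a reason not to allow that entry.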
While the issue only arose a mere 2 hours ago, it has already drawn a great deal of attention online. Microsoft has taken notice of the issue and is hard at work resolving the problem. As confirmed by the Microsoft team, users can calm down as their PCs are likely under no real threat. We hope that the team fully resolves this error as soon as possible.