Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps

Further updates to the story are listed below and include the latest version of the security intelligence updates needed to correct Win32/Hive.ZY false positives.

A faulty Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron applications as 'Win32/Hive.ZY' every time they are launched in Windows.

The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.ZY.

“This generic detection for suspicious behaviors is designed to catch potentially malicious files. If you downloaded a file or received it through email, ensure that it is from a reliable source before opening it,” reads Microsoft's detection page for Win32/Hive.ZY.

According to BornCity, the false positive is widely reported. Users have reported on BleepingComputer, Twitter, and Reddit that the false positives pop up every time they launch their browser or an Electron application.

While Microsoft Defender will keep displaying the alerts whenever the apps are opened, it is crucial to recognize that this is not a true positive and your device may be mistakenly identified as infected.

Microsoft has issued two new Microsoft Defender security intelligence updates with the most recent version being 1.373.1518.0.

While this signature update does not show Win32/Hive.ZY detections in BleepingComputer’s tests, users have reported that they are still receiving false positives.

To check for the latest security intelligence updates, Windows users can search for and launch Windows Security from the Start Menu, select Virus & threat protection, then click the Updates tab under Virus & threat protection updates.

While it’s usually not needed, in this particular instance it might be beneficial to restart Windows following the installation of the new security intelligence update in order to see whether it eliminates this false positive.

Because this issue is so widespread and has caused confusion among Windows users around the world, we can expect a new update to fix the issue within a few hours, if not sooner.

At the moment there is no official confirmation from Microsoft.

Update 6:47 PM EST:

Microsoft has announced Microsoft Defender security intelligence update version 1.373.1537.0, which, according to reports, appears to fix the Win32/Hive.ZY false positive issue currently affecting Windows users.

Follow the steps described above to update to the latest version.

Update 9:25 PM EST:

Microsoft has shared the following information with BleepingComputer:

“We have released an update to address this issue and customers using automatic updates for Microsoft Defender do not need to take additional action,” a Microsoft spokesperson said.

In addition, Microsoft stated that enterprise customers who manage their own updates should make sure that they are running detection build 1.373.1537.0 or greater.
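
For administrators who manage Defender updates themselves, the build check and a review of recorded Hive.ZY detections can be scripted. The PowerShell below is an added example, not code from Microsoft or the original article; it relies on the built-in Defender cmdlets `Get-MpComputerStatus`, `Update-MpSignature`, `Get-MpThreat` and `Get-MpThreatDetection`, and the function name `Test-SignatureFixed` is hypothetical.

```powershell
# Added example: triage for the Behavior:Win32/Hive.ZY false positive.
# Run in an elevated PowerShell session on a host protected by Microsoft Defender.

$FixedBuild = [version]'1.373.1537.0'   # fixed build named in the article

function Test-SignatureFixed {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    # [version] compares each component numerically, so 1.373.1537.0 sorts
    # above 1.373.1518.0 and 1.373.1508.0 (a plain string compare is not safe).
    return ([version]$InstalledVersion -ge $FixedBuild)
}

$status = Get-MpComputerStatus
if (-not (Test-SignatureFixed -InstalledVersion $status.AntivirusSignatureVersion)) {
    Write-Warning "Signature $($status.AntivirusSignatureVersion) predates $FixedBuild; updating."
    Update-MpSignature
    $status = Get-MpComputerStatus      # re-read version and update time
}

$installed = $status.AntivirusSignatureVersion
$updatedAt = $status.AntivirusSignatureLastUpdated
"Signature build : $installed (last updated $updatedAt)"
"At fixed build  : $(Test-SignatureFixed -InstalledVersion $installed)"

# Resolve the threat IDs Defender has recorded under the Hive.ZY name.
$hiveIds = Get-MpThreat |
    Where-Object { $_.ThreatName -like '*Win32/Hive.ZY' } |
    Select-Object -ExpandProperty ThreatID

# List each Hive.ZY detection and flag those raised after the last update.
# Assumption: both timestamps are reported in the same (local) time zone.
Get-MpThreatDetection |
    Where-Object { $hiveIds -contains $_.ThreatID } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ProcessName,
        @{ Name = 'AfterLastUpdate'; Expression = { $_.InitialDetectionTime -gt $updatedAt } },
        @{ Name = 'Resources';       Expression = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

Rows with `AfterLastUpdate` set to `True` on a host already at the fixed build are the ones to look at after the restart the article suggests.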
