There are a huge number of users who ran into trouble with Microsoft Defender. The app started flagging everything that is Chromium based as "Behavior:Win32/Hive.ZY". Even the Edge binaries were marked as infected.
The issue is caused by a defect in the Defender's threat signatures. So it started flagging everything that contains the Chromium project code. The issue affects even Electron apps, for example, VS Code.
The bug in Defender signatures was first introduced in version 1.373.1508.0 released on September 4. Some lucky users report that they successfully installed this signature database and don't run into this issue.
But for others, Defender shows endless notifications about the "Behavior: Win32/Hive.ZY" threat every time they open apps. Some users also report that even blocking the threat does not help, as notifications about it continue to come every 20 seconds.
As you could guess, it is a false positive. The Microsoft Defender team has quickly released a patched version of the signature database. Here's what to do to fix the bug.
- Open Windows Security from the Start menu or by clicking the shield icon in the tray.
- Click Virus & Threat protection.
- Under Virus & threat protection updates, check for the latest signatures.
- Restart Windows.
You must now have signature version 1.373.1537.0 or higher. It contains a fix.
If for some reason Windows Security doesn't show you the updated database, you can download and install them manually using these links:
via Windows Central
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!