
Microsoft misidentifies Chromium and Electron-based apps as malware

Over the weekend, scores of people complained about the ‘Behavior:Win32/Hive.ZY’ warning when trying to run Google Chrome, Spotify, Discord, WhatsApp and other apps on their Windows PCs. It turned out to be a false positive, which has been rectified by Defender update 1.373.1537.0.

The confusion was caused by the previous Defender update (KB2267602 – version 1.373.1508.0), which misidentified apps based on the Chromium browser engine and the Electron JavaScript framework as Hive, a ransomware designed to be used by novice cybercriminals to launch ransomware attacks.

False positives aren’t a good look for a megacorp such as Microsoft, but people in the forums mostly seem happy about Defender’s progress overall.

The update seems to have fixed the issue for people who were complaining on the forum earlier.

Still seeing the ‘Behavior:Win32/Hive.ZY’ error?

If you’re still seeing the ‘Behavior:Win32/Hive.ZY’ warning, go to Windows settings and check for updates on the Windows Security Virus & Threat protection screen.
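The same check can be scripted. The following is an added example, not code from the original article: it compares the installed Defender definition version with the fixed version named above, updates if needed, and lists what was flagged under this detection name. It assumes an elevated PowerShell session on a machine with the built-in Defender module; the function name Get-DefinitionState is hypothetical.

```powershell
# Added example: the version number and detection name come from the article;
# the cmdlets are the standard Microsoft Defender PowerShell module.
$fixed  = [version]'1.373.1537.0'      # definition update that corrected the false positive
$threat = 'Behavior:Win32/Hive.ZY'     # detection name reported by affected users

# Hypothetical helper: summarise the installed definition version.
function Get-DefinitionState {
    $status  = Get-MpComputerStatus
    $current = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Installed   = $current
        LastUpdated = $status.AntivirusSignatureLastUpdated
        HasFix      = $current -ge $fixed   # [version] compares field by field, not as text
    }
}

$state = Get-DefinitionState
if (-not $state.HasFix) {
    Write-Host "Definitions $($state.Installed) predate $fixed; requesting an update."
    Update-MpSignature
    $state = Get-DefinitionState
}
$state | Format-List

# Map the detection name to its threat ID, then list the matching detections
# so the flagged applications can be reviewed before anything is restored.
$ids = Get-MpThreat |
    Where-Object ThreatName -eq $threat |
    Select-Object -ExpandProperty ThreatID

Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $ids } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ProcessName, Resources |
    Format-Table -AutoSize -Wrap
```

An empty table at the end means Defender has no recorded detections under that name on this machine.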

You can also access offline installers for this update below.

Last month, Microsoft released a patch for a zero-day, tracked as CVE-2022-34713 and also known as DogWalk, that was being actively exploited and affects all versions of Windows and Windows Server. The bug makes Windows Support Diagnostic Tool (MSDT) vulnerable, which means the system can be fully exploited if compromised through remote code execution.
