
Microsoft misidentifies Chromium and Electron-based apps as malware


Over the weekend, scores of people complained about the ‘Behavior:Win32/Hive.ZY’ warning when trying to run Google Chrome, Spotify, Discord, WhatsApp and other apps on their Windows PCs. It turned out to be a false positive, which has been rectified by a Defender update (version 1.373.1537.0).

The confusion was caused by the previous Defender update (KB2267602 – version 1.373.1508.0), which misidentified apps built on the Chromium browser engine and the Electron JavaScript framework as the Hive ransomware, which is designed to be used by novice cybercriminals to launch ransomware attacks.

While false positives aren’t a good look for a megacorp such as Microsoft, people in the forums mostly seem happy about Defender’s progress overall.

The update seems to have fixed the issue for people who were complaining on the forum earlier.

https://twitter.com/CraigAtEpipole/status/1566394093743345665?

Still seeing the ‘Behavior:Win32/Hive.ZY’ error?

If you’re still seeing the ‘Behavior:Win32/Hive.ZY’ warning, go to Windows settings and check for updates on the Windows Security Virus & Threat protection screen.

You can also access offline installers for this update below.
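
The same check can be scripted from an elevated PowerShell prompt. The following is an added example, not from the original article or from Microsoft: it compares the installed Defender definition version against the fixed version quoted above, updates if it is older, and lists which files were flagged under this detection name so you can confirm they were Chromium or Electron apps. It assumes the built-in Defender PowerShell module is available on the machine.

```powershell
# Added example: triage the Behavior:Win32/Hive.ZY false positive on one machine.
# Both values below are taken from the article text.
$FixedVersion = [version]'1.373.1537.0'    # definition update that rectified the false positive
$ThreatName   = 'Behavior:Win32/Hive.ZY'   # detection name shown in the warning

# 1. Compare the installed definition version with the fixed one.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($current -lt $FixedVersion) {
    Write-Output "Definitions $current are older than $FixedVersion, updating..."
    Update-MpSignature
}

# Re-read the status so the report reflects the state after any update.
$status = Get-MpComputerStatus
Write-Output ("Installed definitions: {0} (last updated {1})" -f `
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated)

# 2. Map the detection name to Defender's numeric ThreatID.
$threat = Get-MpThreat | Where-Object ThreatName -eq $ThreatName

if (-not $threat) {
    Write-Output "No $ThreatName detections recorded on this machine."
}
else {
    # 3. List every detection recorded under that ID: when it fired,
    #    which process triggered it, and which files were involved.
    Get-MpThreatDetection |
        Where-Object ThreatID -in $threat.ThreatID |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName,
            @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
        Format-List
}
```

A detection whose process or resources do not point at a known Chromium or Electron application deserves a closer look rather than being written off with the rest.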

Last month, Microsoft released a patch for an actively exploited zero-day, tracked as CVE-2022-34713 and also known as DogWalk, that affects all versions of Windows and Windows Server. The bug makes the Windows Support Diagnostic Tool (MSDT) vulnerable, which means the system can be fully exploited if compromised through remote code execution.


Prayank


Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals. Contact Prayank via email: prayank@pm.me
