What Is It?
Here is a BleepingComputer news article written by Lawrence Abrams about a current false positive / malware database (signature update) issue with Microsoft’s Windows Security / Microsoft Defender called: Microsoft Defender Falsely Detects Win32/Hive.ZY In Google Chrome, Electron Apps.
Here is a brief description of this news article:
A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as ‘Win32/Hive.ZY’ each time the apps are opened in Windows.
The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.ZY.
“This generic detection for suspicious behaviors is designed to catch potentially malicious files.
If you downloaded a file or received it through email, ensure that it is from a reliable source before opening it,” reads the Microsoft detection page for Win32/Hive.ZY.
According to BornCity, the false positive is widespread, with users reporting on BleepingComputer, Twitter, and Reddit that the detections appear each time they open their browser or an Electron app.
My Thoughts
Last night, I installed DefenderUI for the first time to test it out, and this morning Windows Security was warning me that it detected & removed something called Behavior:Win32/Hive.ZY.
I looked for further details to see what file it was talking about, oddly there was no file, and all it showed was: Affected Item: Behavior: pid:10892:74439979291537.
I wondered if it was falsely detecting some behavior of DefenderUI as malicious or if it was detecting an actual threat somewhere else on my computer, so I went only to investigate.
Behavior: pid:10892:74439979291537 led to no results, but Behavior:Win32/Hive.ZY led to me finding that this was a false positive / malware database issue with Windows Security that was impacting everyone in the world who updated to that version of its malware database.
Hopefully Microsoft will fix this soon, and will take steps to prevent this from happening again.
I still recommend using Microsoft’s free Windows Security, just make sure to use something like ConfigureDefender to set its settings to High or DefenderUI to set its settings to Recommended.
Also use a free ad / tracker blocker like uBlock Origin or Adguard Browser Extension, use a free security web browser extension like Malwarebytes Browser Guard, use a free ad blocking / tracker blocking / malicious website blocking DNS like Adguard DNS, and use a free on-demand scanner like Malwarebytes (Free).
The end,
- John Jr
John Jr's Blog 