What Is It?
This is a BleepingComputer news article by Lawrence Abrams about a current false positive caused by a malware database (signature) update in Microsoft’s Windows Security / Microsoft Defender. It is titled “Microsoft Defender Falsely Detects Win32/Hive.ZY In Google Chrome, Electron Apps.”
Here is a brief description of this news article:
A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as ‘Win32/Hive.ZY’ each time the apps are opened in Windows.
The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.ZY.
“This generic detection for suspicious behaviors is designed to catch potentially malicious files. If you downloaded a file or received it through email, ensure that it is from a reliable source before opening it,” reads the Microsoft detection page for Win32/Hive.ZY.
According to BornCity, the false positive is widespread, with users reporting on BleepingComputer, Twitter, and Reddit that the detections appear each time they open their browser or an Electron app.