Windows 10: Microsoft confirms Behavior:Win32/Hive.ZY false error bug in Windows Defender

A Microsoft official confirmed widespread reports of Google Chrome, Chromium Edge, Discord and several other apps getting flagged as “Behavior:Win32/Hive.ZY” by Microsoft’s in-built antivirus ‘Windows Defender’. In a statement, the tech giant confirmed that it’s already working on a fix which will be published within the next few hours.

So what exactly is “Behavior:Win32/Hive.ZY”? According to a document published on Microsoft’s security portal, any file flagged as “Behavior:Win32/Hive.ZY” is a threat with suspicious behaviour designed. It is used to flag potentially malicious files, especially those files downloaded through emails.

The notification seems to have been added with Defender version 1.373.1508.0. Your app could be flagged as malicious by the following apps:

• Microsoft Defender Antivirus for Windows 10, Windows 11 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista.
• Microsoft Safety Scanner.

We’ve received confirmation from Microsoft that this activity is a false positive issue, but it’s another problem for companies like Google and Discord as customers are apparently reaching out to their support.



The reports, seen by us, show that affected users are automatically shown the aforementioned error during the regular scans of Defender.

“Docker Desktop downloaded from their site or installed via WinGet is reporting “Behavior:Win32/Hive.ZY” as of this morning’s security update. This prevents Docker Desktop from being upgraded via WinGet or the internal application update option, and results in many, many, many spurious warnings,” one of the affected users noted.

In our tests, we observed that Windows Defender on both Windows 10 and Windows 11 is flagging Chromium-based and other apps like Discord as “Win32/Hive.ZY”. If you’re affected, you can easily reproduce the error if you kill all processes for Edge, Chrome or whatever that triggers it and launch the app again.

If the app keeps running in the background, the error will over time pop up again.

“The alert comes up when opening a new page in Chrome, but not all of them. Even for microsoft.com when I click Learn more under protection history. Started happennig today, probably after a Windows Defender update. The culprit is always one of the PIDs of Chrome,” another user noted.

How to fix Behavior:Win32/Hive.ZY


There’s not much you can do to fix Windows Defender’s false positive errors as they can only be patched through a server-side update from Microsoft.

Microsoft says it has started investigating the issue and a fix will be issued soon.

This is the third such incident involving Windows Defender. Earlier this year, some Google Chrome updates were flagged as potentially harmful by Microsoft. A similar incident was reported in March when the company flagged its own Office updates as ransomware threats.

There have been similar incidents in 2021. In fact, Defender once prevented Office apps and apps due to Emotet malware.

The post Microsoft confirms Behavior:Win32/Hive.ZY false error bug in Windows Defender appeared first on Windows Latest

Weiterlesen...

 

WMPlayer win32 error

List the EXACT "blah, blah" you mention, here please... for ALL installation cases!

(Sound like a possible "DLL-Hell" issue, but "Windows File Protection" &/or "System File Protection" should have countered for this... no biggie, there's ways around that too!)

*Smile

* I have to 'step-out' now, but imo, this is the track to pursue here, & we will when I get back... so, please list that data I request!

APK

 

False Positive by Windows Defender ? Win32/Critet.BS

@G_963

Found thread in ZHPCleaner forum.

Dectection du trojan :Win32/Critet.BS

https://www.nicolascoolman.com/forum/dectection-trojan-win32-critet-t9711.html

Updated Windows Defender definitions to 1.263.740.0 and downloaded ZHPCleaner from author's site. It passed security scan so hopefully the issue has been resolved with false positives.

Try manually updating through Windows Defender Security Center - Virus and Treat Protection Updates and determine if supercopier is still detected.

~

 

Turn On Windows Defender Block Suspicious Behaviors in Windows 10  

The DWORD is set to 0 and I cannot get the process you suggested in the "NOTE" portion of the tutorial to work. Two attached screen shoots will show the before and after attempts to change the Permissions necessary for access to the DWORD change.




Access is denied. (Note-Protected folder in Defender is turned off)