Are you getting a “Behavior:Win32/Hive.ZY” error message on Windows?
Here are the details, “A threat or app was removed from this device”.
“This program is dangerous and executes commands from an attacker”.
“Affected items: behavior: pid:25924:74439979291537.
It says that the threat is blocked and that its status is “Severe”.
In this guide, you’ll learn what is the “Behavior:Win32/Hive.ZY” threat on Windows Defender and how to fix it.
What is Behavior:Win32/Hive.ZY?
Behavior:Win32/Hive.ZY is a bug that is caused by the latest Microsoft Defender Antivirus update.
If you’re getting the threat, don’t worry, because it’s not an actual virus.
Thousands of users are reporting the error on forums like Reddit and the Microsoft Community.
Here’s what Apptils Horray said, “Every time I open any chromium-based program, Windows Defender notifies me that it’s found and removed the win32/hive.zy malware”.
Here’s a post by u/tooshiftyforyou on Reddit, “A few minutes ago, I got a “threat detected” from Windows Defender for “Behavior:Win32/Hive.ZY”. The notification quickly disappeared and it said that the threat had been taken care of”.
“20 seconds later the same threat notification popped up again”.
The post got over 1,600 upvotes in less than 9 hours and has more than 900 comments.
Apparently, the error message happens every time you open Chrome, Discord, Spotify, etc.
Don’t panic because it’s a bug with Electron-based or Chromium-based applications.
This is because there is a false entry in the Windows Defender antivirus’ database.
How to fix “Behavior:Win32/Hive.ZY” on Windows
To fix “Behavior:Win32/Hive.ZY” on Windows, you need to wait for a new Microsoft Defender Antivirus update.
According to DaveM121, an Independent Advisor for the Microsoft Community, the threat is caused by the latest Microsoft Defender update.
The update is KB2267602 (Version 1.373.1508.0).
The threat is a false positive and it’s a bug that’s reported by thousands of people worldwide.
Currently, the Microsoft Defender Team is investigating the bug and they will release a patch for it soon.
In the meantime, you shouldn’t click “Allow a threat” through Defender.
Updating Chrome or Edge will not fix the issue, so don’t bother trying.
It’s just a bug on Microsoft’s end, and it affects more than just Chromium-based apps.
It triggers when you open other apps like Windows Settings.
For now, you need to wait until Microsoft fixes the bug and releases a follow-up update for Microsoft Defender.
Update: A fix has been released (Version: 1.373.1537.0), please “select Check for updates” in the “Windows Security Virus & threat protection” screen.