While the threat displays in Windows Defender as “severe”, it is in fact a false positive. And shortly after the issue appeared, Microsoft rolled out a security intelligence update that stops the alerts from popping up. While not all users are affected, if your device shows this alert, here’s how to fix it.
Users Affected by Behavior:Win32/Hive.ZY
You may notice, when opening certain apps, that they get flagged as Behavior:Win32/Hive.ZY by Windows Defender. The affected apps include Google Chrome and Chromium Edge, plus Electron-based apps like WhatsApp, Discord, and Spotify.
For example, if you open a new Chrome window (note, this does not happen when opening a new tab), the threat will appear in the bottom right-hand corner of your Windows laptop or PC.
Users who click on the notification will see the threat is marked as severe by Windows Defender, with the option to Remove or Allow on device.
If you select Remove and then click on Start actions, you’ll notice that the next time you open one of the affected apps, the threat will once again pop up.
Microsoft Confirms That Behavior:Win32/Hive.ZY Is a False Positive
Many Windows 10/11 users took to the Microsoft forums looking for answers. DaveM121, an Independent Advisor for Microsoft, confirmed in response to a Microsoft Answers question:
To put your mind at rest, users experiencing this issue aren’t at risk, and their devices are not infected by any kind of virus. The issue is said to have originated from Windows Defender’s security intelligence version 1.373.1508.0.
How to Fix the Behavior:Win32/Hive.ZY Alert
After many reports of the Behavior:Win32/Hive.ZY alert came in, Microsoft issued a simple fix to resolve the issue.
1. Press the Windows logo on your keyboard and type in Settings.
2. Navigate to Privacy & security > Open Windows Security.
3. Click on Virus & threat protection.
4. Select Protection updates from the menu, then click Check for updates.
If you are unable to see the update when taking the steps above, you can update Windows Defender manually by clicking on one of the following links.
64-bit download 32-bit download
The fix for this issue rolled out with version 1.373.1537.0. However, there has since been another update to Windows Defender, so your version may appear as version 1.373.1567.0 or later.
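The same version check and update can be run from an elevated PowerShell prompt. This is an added example, not part of the original article. It uses the built-in Defender cmdlets and the two version numbers quoted above, and treating every version between them as affected is an assumption.

```powershell
# Added example: compare the installed security intelligence version with the
# versions named in the article and pull an update if the fix is missing.
# Run in an elevated PowerShell session on a machine with Microsoft Defender.

$affected = [version]'1.373.1508.0'   # version the article says the alert originated from
$fixed    = [version]'1.373.1537.0'   # version the article says carries the fix

function Get-IntelVersion {
    # AntivirusSignatureVersion is the "Security intelligence version" shown in the UI
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

$current = Get-IntelVersion
Write-Host "Installed security intelligence version: $current"

if ($current -lt $fixed) {
    # Assumption: every version from $affected up to (not including) $fixed can raise the alert
    if ($current -ge $affected) {
        Write-Host "Version is in the range that raises the false positive."
    }
    Write-Host "Requesting a security intelligence update..."
    Update-MpSignature            # same action as "Check for updates" in Windows Security
    $current = Get-IntelVersion
    Write-Host "Version after update: $current"
}

if ($current -ge $fixed) {
    Write-Host "Fix is installed (version $fixed or later)."
} else {
    Write-Warning "Still below $fixed. Use the manual download instead."
}

# Review what was flagged under this threat name, oldest first, so you can
# confirm the alerts stop once the fixed version is in place.
$threat = Get-MpThreat | Where-Object ThreatName -eq 'Behavior:Win32/Hive.ZY'
if ($threat) {
    Get-MpThreatDetection |
        Where-Object ThreatID -in $threat.ThreatID |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources
} else {
    Write-Host "No Behavior:Win32/Hive.ZY detections recorded on this device."
}
```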
Windows Defender Has a History of False Positives
While there is now a fix for the issue some users were experiencing with Windows Defender, this isn’t the first false positive Defender has raised in 2022. In April, Defender flagged a Google Chrome update as bad, annoying plenty of people in the process.
The good news is that any potential issues are fixed very promptly by Microsoft. Windows users should continue to check for OS updates, as well as security intelligence updates to ensure their devices are protected.