<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"> <br><br><div dir="ltr"><br>Begin forwarded message:<br><br></div><blockquote type="cite"><div dir="ltr"><b>From:</b> David Goldfield &lt;david.goldfield@outlook.com&gt;<br><b>Date:</b> September 5, 2022 at 9:32:20 AM EDT<br><b>To:</b> List &lt;tech-vi@groups.io&gt;<br><b>Subject:</b> <b>[tech-vi Announce List] Windows Defender is reporting a false-positive threat 'Behavior:Win32/Hive.ZY'; it's nothing to be worried about</b><br><b>Reply-To:</b> tech-vi@groups.io<br><br></div></blockquote><blockquote type="cite"><div dir="ltr">
<div dir="ltr">
<p>Windows Central RSS Feed - Sunday, September 4, 2022 at 12:20 PM</p>
<h1>Windows Defender is reporting a false-positive threat 'Behavior:Win32/Hive.ZY'; it's nothing to be worried about</h1>
<p></p>
<div><img src="https://cdn.mos.cms.futurecdn.net/XfdbFCaRDBtGSVNAhuhQr-1200-80.jpg" class="ff-og-image-inserted" data-unique-identifier=""></div>
<ul>
<li>Windows Defender is alerting people of a "threat detected" for "Behavior:Win32/Hive.ZY"</li><li>The issue is tied to a recent listing in Microsoft's Defender update file, which is making a wrong detection</li><li>The trigger seems tied to Defender detecting "Electron-based or Chromium-based applications as malware"</li><li>Microsoft is expected to patch/update Microsoft Defender to alleviate the issue</li></ul>
<hr>
<p><strong>Update #1 (1:50 PM ET):</strong> According to the Microsoft support forums, the Defender Team indicated they are investigating this and will hopefully release a patch for this soon.</p>
<p><strong>Update #2 (7:50 PM ET):</strong> According to the Microsoft support forums, "indications from a Microsoft Agent is a fix has been released (Version: 1.373.1537.0)."</p>
<p><strong>In Windows 10/11, select Check for updates in the Windows Security Virus &amp; threat protection screen to check for the latest updates.</strong></p>
<p><strong>Offline installers are available from these links:</strong></p>
<p>64-bit download:</p>
<p><a href="https://go.microsoft.com/fwlink/?LinkID=121721&amp;arch=x64" target="_blank">https://go.microsoft.com/fwlink/?LinkID=121721&amp;arch=x64</a></p>
<p>32-bit download:</p>
<p><a href="https://go.microsoft.com/fwlink/?LinkID=121721&amp;arch=x86" target="_blank">https://go.microsoft.com/fwlink/?LinkID=121721&amp;arch=x86</a></p>
<hr>
<p>This morning, a listing in Microsoft Defender's database (or even Windows Update) is causing havoc on people's Windows PCs. </p>
<p>People on <a href="https://www.reddit.com/r/computerviruses/comments/x5idjw/help_behaviorwin32hivezy/?utm_source=share&utm_medium=ios_app&utm_name=iossmf" data-url="https://www.reddit.com/r/computerviruses/comments/x5idjw/help_behaviorwin32hivezy/?utm_source=share&utm_medium=ios_app&utm_name=iossmf">
Reddit</a> are "freaking out" over not just a reported threat from Microsoft Defender but one that keeps popping up and recurring despite the alleged threat being blocked.</p>
<p>The threat is revealed in a pop-up message noting that "<strong>Behavior:Win32/Hive.ZY</strong>" has been detected and is listed as "severe." However, after taking action to rectify the issue, it does not go away, and the user will keep receiving the same
prompt. The reminder may return after 20 seconds, with the cycle repeating endlessly.</p>
<p>We experienced the issue on one PC; see the screenshots below.</p>
<p>[Image gallery: 3 screenshots (Image credit: Daniel Rubino)]</p>
<p>The actual threat is only noted as "This generic detection for suspicious behaviors is designed to catch potentially malicious files."</p>
<p>The good news is that your computer, should you be experiencing this problem, is not infected with any virus or malware. This detection appears to be a false positive, according to a <a href="https://answers.microsoft.com/en-us/protect/forum/all/win32hivezy-removal-notification-every-time-i-run/db598180-4b74-4f19-8c1f-117d688caf91" target="_blank">Microsoft Support forum</a> thread: a listing in Microsoft Defender's database incorrectly reports activity as dangerous.</p>
<p>From DaveM121, an Independent Advisor:</p>
<p><em>"This does seem to be a false positive, it is a bug currently being reported by hundreds of people at the moment, it seems to be related to all Chromium based web browsers and Electron based apps like WhatsApp, Discord, Spotify...etc."</em></p>
<p><em>"This is an evolving situation with no official word from Microsoft yet, but seems to be caused by Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.1508.0)"</em></p>
<p>The common thread among users experiencing this problem is the usage of "Electron-based or Chromium-based applications," including Google Chrome, Microsoft Edge, and anything that runs Visual Studio Code.</p>
<p>The problem seems to originate from <strong>Defender's Definition/Update Version 1.373.1508.0</strong>, meaning Microsoft needs to update that file, and the issue should be resolved.</p>
<p>So far, Microsoft has not publicly commented on the problem as it is a holiday weekend in the United States. There could be an extended delay in getting the update pushed out to millions of likely affected computers.</p>
<p><em>We'll update this article accordingly if there are any new solutions or comments from Microsoft.</em></p>
<p></p>
<p><a href="https://www.windowscentral.com/software-apps/windows-11/windows-defender-is-reporting-a-false-positive-threat-behaviorwin32hivezy-its-nothing-to-be-worried-about">https://www.windowscentral.com/software-apps/windows-11/windows-defender-is-reporting-a-false-positive-threat-behaviorwin32hivezy-its-nothing-to-be-worried-about</a></p>
</div>
<br>
<br>
<div dir="ltr"> David Goldfield
<div>Assistive Technology Specialist</div>
<div><br>
</div>
<div>Feel free to visit my Web site</div>
<div>WWW.DavidGoldfield.info</div>
</div>
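<p>Added example, not part of the Windows Central article or the forwarded message: a PowerShell check, typed into an elevated session, that compares the installed Defender security intelligence version with the two versions the article names, updates if the fix is not yet installed, and lists which processes triggered Behavior:Win32/Hive.ZY. Treating every version from 1.373.1508.0 up to 1.373.1537.0 as affected is an assumption, as are the function and variable names.</p>

```powershell
# Added example. The two version numbers and the threat name come from the
# article; the function name, variable names and state labels are illustrative.
$AffectedVersion = [version]'1.373.1508.0'   # update named as the cause
$FixedVersion    = [version]'1.373.1537.0'   # update reported as the fix
$ThreatName      = 'Behavior:Win32/Hive.ZY'

function Get-SignatureState {
    # Classify a security intelligence version against the two versions above.
    # Assumption: every version from the affected one up to the fix is affected;
    # the article only names 1.373.1508.0 itself.
    param([Parameter(Mandatory)][version]$Version)
    if ($Version -ge $FixedVersion)        { 'Fixed' }
    elseif ($Version -ge $AffectedVersion) { 'AffectedOrUnpatched' }
    else                                   { 'OlderThanAffected' }
}

$installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
$state = Get-SignatureState -Version $installed
Write-Output "Installed security intelligence: $installed ($state)"

if ($state -ne 'Fixed') {
    # Pull current definitions, then re-read the version to confirm they applied.
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Output "After update: $installed ($(Get-SignatureState -Version $installed))"
}

# Map the threat name to its numeric ID(s), then summarise the detections per
# process so the Chromium/Electron pattern described in the article is visible.
$ids = @(Get-MpThreat | Where-Object ThreatName -eq $ThreatName |
         Select-Object -ExpandProperty ThreatID)
if ($ids.Count -eq 0) {
    Write-Output "No $ThreatName entries in Defender's threat history."
} else {
    Get-MpThreatDetection |
        Where-Object { $ids -contains $_.ThreatID } |
        Group-Object ProcessName |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'First'; e = { $_.Group.InitialDetectionTime | Sort-Object | Select-Object -First 1 } },
            @{ n = 'Last';  e = { $_.Group.InitialDetectionTime | Sort-Object | Select-Object -Last 1 } }
}
```

<p>If the "Last" timestamps stop advancing once the version reads as fixed, the recurring prompt described in the article has been cleared by the definition update rather than by a remediation action.</p>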
</div></blockquote></body></html>