Don’t panic: Windows Defender’s Win32/Hive.ZY is a false positive

This alert spam is starting to get annoying.

Windows Defender seems to be detecting false positives on all Chromium- and Electron-based apps after the latest update.

If you are getting an alert message from your Windows antivirus about a ‘Win32/Hive.ZY’ each time you open Google Chrome or Discord, don’t panic: it’s just a bug, as far as we can tell.

According to DaveM121, an independent advisor on Microsoft’s forum, this bug is being reported by many users and seems to be related to Chromium-based browsers and Electron-based apps such as WhatsApp, Discord, and Spotify.

While Microsoft has yet to confirm it, the bug is thought to be caused by the KB2267602 (Version 1.373.1508.0) Security Intelligence Update for Microsoft Defender.

Win32/Hive.ZY causing havoc on my own PC

If your antivirus is still on an older version, maybe leave it alone for now, at least until this bug gets fixed. Note that we generally don’t recommend blocking updates since they fix many issues, but this time the bug is particularly annoying, with alert messages popping up each time you launch an affected app.

Some of the proposed workarounds include keeping affected apps open – the alert doesn’t appear to resurface until the app is closed – or heading to Windows Security -> Protection History -> Threat Blocked -> Actions and manually allowing any apps incorrectly flagged as malware.

While thankfully this time it’s just a bug, such an incident reminds us how important it is to keep regular backups. We’re already hearing reports of users having formatted their PC in response to the false positive, fearing a virus was actually taking hold.

Update: Microsoft has released a fix (Version: 1.373.1537.0). If your system has not yet updated automatically, select Check for updates on the Virus and threat protection screen in Windows Security.
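
The same check can be done from an elevated PowerShell prompt with the built-in Defender cmdlets. This is an added example, not part of the original article: it compares the installed Security Intelligence version with the two versions quoted above, requests an update if the fix is missing, and lists the recorded Win32/Hive.ZY detections so you can see which apps triggered them. The wildcard match on the threat name is an assumption based on the alert text.

```powershell
# Added example. Version numbers are the ones quoted in the article.
$affected = [version]'1.373.1508.0'   # update thought to have introduced the false positive
$fixed    = [version]'1.373.1537.0'   # update Microsoft released as the fix

function Get-SignatureVersion {
    # AntivirusSignatureVersion is the Security Intelligence version shown in Windows Security
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

$installed = Get-SignatureVersion
Write-Host "Installed security intelligence: $installed"

if ($installed -lt $fixed) {
    if ($installed -eq $affected) {
        Write-Host "This is the version the article associates with the false positive."
    }
    Write-Host "Older than $fixed, requesting a definition update..."
    Update-MpSignature
    $installed = Get-SignatureVersion
    Write-Host "Installed security intelligence after update: $installed"
}

# Assumption: the threat name contains the string from the alert text.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like '*Win32/Hive.ZY*' })

if ($threats.Count -eq 0) {
    Write-Host "No Win32/Hive.ZY entries in Defender's threat history."
} else {
    # Show when each detection fired and which process and files were involved.
    $ids = $threats.ThreatID
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $ids } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName,
            @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize -Wrap
}
```

An entry that is still being recorded once the installed version is at or above the fixed one is worth a closer look rather than an automatic allow.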