[German]Yesterday, Sunday (Sept. 4, 2022), Windows users were very excited when Microsoft Defender reported a Behaviour:Win32/Hive.ZY detection. The whole thing was a false alarm after Microsoft had armed the signatures for this malware via update, because Chromium browsers, Electron framework apps and other applications were found to be infected. Now Microsoft has fixed this issue with the signature update.
Advertising
The Behaviour:Win32/Hive.ZY false positive
Microsoft Defender detects Behaviour:Win32/Hive.ZY as a threat with suspicious behavior – corresponding files could get onto users' systems as email attachments and downloads. Therefore, the virus scanner then also raises an alarm as soon as a corresponding signature is found in a file.
Microsoft had introduced the detection of the Behaviour:Win32/Hive.ZY signature only on September 4, 2022 with the update KB2267602. As soon as the Defender signature file had version 1.373.1508.0, the virus scanner would hit and report the malware when a Chromium-based browser (Google Chrome, Edge, etc.) was launched. However, all applications in which the Electron framework was used also triggered an erroneous detection of Behaviour:Win32/Hive.ZY. Even the Windows settings page was detected as malicious. Some users could no longer work with the system as it was flooded with alerts from Defender. I had reported about the problem promptly yesterday in the blog post Windows Defender reports (false positive) Behaviour:Win32/Hive.ZY (Sept. 4, 2022).
Signature file 1.373.1537.0 fixes the problem
Over the course of Sunday, several signature updates for Microsoft Defender came out, but they did not fix the problem. Only version 1.373.1537.0 of the signature file made the Behaviour:Win32/Hive.ZY false positives stop. Blog reader Bolko mentioned it here and pointed to this Microsoft Answers forum post where a moderator published this information.
Those who are still affected should search for "Windows Security", then navigate to Protection from viruses and threats and let Defender update it's signature file. Afterwards perform a reboot, if the issue hasn't gone.
