How to fix Windows Defender reporting "Behavior:Win32/Hive.ZY" repeatedly?

Question

Issue: How to fix Windows Defender reporting "Behavior:Win32/Hive.ZY" repeatedly?

Hello. I booted my PC today as I usually do in the morning. After some time, a pop-up with the “Behavior:Win32/Hive.ZY” detection was shown. As it seemed at the time, Defender quickly took care of it, and I went on with my day. Just a few minutes later, I spotted another detection of the same name, and these detections seem to continue. How do I remove this virus from my system, and why can't Defender remove it properly?

Solved Answer

Windows Defender, recently known as Microsoft Defender, is a built-in security software shipped with all the newest Windows versions. The application is completely free, so it makes it a convenient choice for many OS users worldwide.

Indeed, according to independent sources such as AV-Test,[1] Microsoft Defender does a pretty good job at detecting all sorts of malware, with surprisingly low false-positive rates. The anti-malware is also being praised by used to be a lot less intrusive and lets them do their work on the PC without notifications about less important or serious issues.

Speaking of which, on the morning of September 4, 2022, users noticed some suspicious behavior from Microsoft Defender, as it kept detecting something under the name of “Behavior:Win32/Hive.ZY” repeatedly.

Usually, when a malicious file or behavior is detected on the device, users are warned with the pop-up message, and the threat is quarantined immediately. If they are willing to do so, they could manually allow the quarantined file to be allowed, which is not recommended to do.

In this case, users noticed that “Behavior:Win32/Hive.ZY” detections keep on coming and never stop, which results in a rather spammy experience. However, most people were more concerned about whether their systems were actually infected and how come the security software was unable to stop the threat.

How to fix Windows Defender reporting "Behavior:Win32/Hive.ZY" repeatedly?

What is “Behavior:Win32/Hive.ZY” and why is it being detected?

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

According to the Microsoft Security Intelligence database, Behavior:Win32/Hive.ZY is “generic detection for suspicious behaviors is designed to catch potentially malicious files.” [2]The entry was added on September 4, the same date when thousands of users began getting warnings about their systems being infected, which is not a coincidence.

The truth is, is that the detection is actually a false positive and detects legitimate files of Discord, Google Chrome, MS Edge, Spotify, and some other Chromium-based apps as malicious. The reason for this is a mistake within the Microsoft Defender database which occurred due to an update 1.373.1508.0[3] that was shipped worldwide.

Due to thousands of reports, Microsoft was forced to push an update that would fix the issue for everyone. Nonetheless, there are a few other ways to resolve this. After all, this is not the first time started to identify the same threat repeatedly, and some of the fixes differ depending on the reasoning behind it.

How to stop “Behavior:Win32/Hive.ZY” notifications

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

There are two options to fix the bug[4] causing false detections: either uninstall the update that caused the fake threat detection spam or make sure that the system is forcefully updated once again. We strongly recommend going with the latter option, as it would make sure that your system is fully protected from legitimate malware.

Apply the latest Windows patch to fix the bug

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.
  • Click the Show hidden items icon in your taskbar (located next to your language preferences, time/date)
  • Here, double-click the Windows Security icon
  • Click on Virus & threat protection
  • Scroll down to locate Virus & threat protection updates

Access Windows Security

  • Click Check for updates
  • Once the latest updates are installed, restart your system.

Check for security updates

Uninstall the update causing the issue

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

Alternatively, you could uninstall the update that is causing you the issue, even though this is not recommended.

  • Type Control Panel in Windows search and press Enter
  • Select Programs > Uninstall a program
  • Click on View installed updates on the left side of the window
  • Sort all the updates by date
  • Right-click on the most recent update and select Uninstall
  • Proceed with on-screen instructions and restart your PC.

Uninstall update

Tip: for better PC performance and security, we recommend employing the ReimageMac Washing Machine X9 repair and maintenance tool that can fix virus damage, clean your system from junk, and repair any issues with the registry or other Windows components.

Repair your Errors automatically

ugetfix.com team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:

Offer
do it now!
Download Fix
  Happiness
Guarantee
do it now!
Download Fix
  Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
Still having problems?
If you failed to fix your error using Reimage, reach our support team for help. Please, let us know all details that you think we should know about your problem.
Reimage - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.Reimage - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.

Prevent websites, ISP, and other parties from tracking you

To stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous by encrypting all information, prevent trackers, ads, as well as malicious content. Most importantly, you will stop the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.

 

Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost. To recover lost files, you can use Data Recovery Pro – it searches through copies of files that are still available on your hard drive and retrieves them quickly.

 

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

References

What you can add more about the problem: "How to fix Windows Defender reporting "Behavior:Win32/Hive.ZY" repeatedly?"