Question
Issue: How to fix Windows Defender reporting "Behavior:Win32/Hive.ZY" repeatedly?
Hello. I booted my PC today as I usually do in the morning. After some time, a pop-up with the “Behavior:Win32/Hive.ZY” detection was shown. As it seemed at the time, Defender quickly took care of it, and I went on with my day. Just a few minutes later, I spotted another detection of the same name, and these detections seem to continue. How do I remove this virus from my system, and why can't Defender remove it properly?
Solved Answer
Windows Defender, more recently known as Microsoft Defender, is the built-in security software shipped with all the newest Windows versions. The application is completely free, which makes it a convenient choice for many OS users worldwide.
Indeed, according to independent sources such as AV-Test,[1] Microsoft Defender does a pretty good job at detecting all sorts of malware, with surprisingly low false-positive rates. The anti-malware is also praised by users for being a lot less intrusive, letting them do their work on the PC without notifications about less important or less serious issues.
Speaking of which, on the morning of September 4, 2022, users noticed some suspicious behavior from Microsoft Defender, as it kept detecting something under the name of “Behavior:Win32/Hive.ZY” repeatedly.
Usually, when a malicious file or behavior is detected on the device, users are warned with a pop-up message, and the threat is quarantined immediately. If they wish, they can manually allow the quarantined file, which is not recommended.
In this case, users noticed that “Behavior:Win32/Hive.ZY” detections keep on coming and never stop, which results in a rather spammy experience. However, most people were more concerned about whether their systems were actually infected and how come the security software was unable to stop the threat.
What is “Behavior:Win32/Hive.ZY” and why is it being detected?
According to the Microsoft Security Intelligence database, Behavior:Win32/Hive.ZY is “generic detection for suspicious behaviors is designed to catch potentially malicious files.”[2] The entry was added on September 4, the same date when thousands of users began getting warnings about their systems being infected, which is not a coincidence.
The truth is that the detection is actually a false positive: it flags legitimate files of Discord, Google Chrome, MS Edge, Spotify, and some other Chromium-based apps as malicious. The reason is a mistake in the Microsoft Defender database introduced by update 1.373.1508.0,[3] which was shipped worldwide.
Due to thousands of reports, Microsoft was forced to push an update that would fix the issue for everyone. Nonetheless, there are a few other ways to resolve this. After all, this is not the first time Microsoft Defender has started to identify the same threat repeatedly, and some of the fixes differ depending on the reason behind it.
How to stop “Behavior:Win32/Hive.ZY” notifications
There are two options to fix the bug[4] causing false detections: either uninstall the update that caused the fake threat detection spam or force the system to update once again. We strongly recommend the latter option, as it makes sure that your system stays fully protected from actual malware.
Apply the latest Windows patch to fix the bug
- Click the Show hidden items icon in your taskbar (located next to your language preferences, time/date)
- Here, double-click the Windows Security icon
- Click on Virus & threat protection
- Scroll down to locate Virus & threat protection updates
- Click Check for updates
- Once the latest updates are installed, restart your system.
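
The same update check can be run from an elevated PowerShell prompt. This is an added example, not part of the original article: it uses the built-in Defender module cmdlets (Get-MpComputerStatus, Update-MpSignature, Get-MpThreat, Get-MpThreatDetection) and takes the faulty version number and the detection name from the text above.

```powershell
# Added example: confirm which security intelligence version is installed,
# force an update if it is not newer than the faulty one, then list what the
# detection actually flagged so the hits can be reviewed.

$faulty = [version]'1.373.1508.0'      # faulty update named in this article
$fpName = 'Behavior:Win32/Hive.ZY'     # detection name from this article

function Get-SigVersion {
    # Read the installed security intelligence version and its timestamp.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        Version     = [version]$s.AntivirusSignatureVersion
        LastUpdated = $s.AntivirusSignatureLastUpdated
    }
}

$before = Get-SigVersion
"Installed security intelligence: $($before.Version) (updated $($before.LastUpdated))"

# Versions older than the faulty one are refreshed as well; that is harmless.
if ($before.Version -le $faulty) {
    Update-MpSignature
    $after = Get-SigVersion
    if ($after.Version -le $faulty) {
        Write-Warning "Still on $($after.Version); the update did not move past $faulty."
    } else {
        "Updated to $($after.Version)"
    }
}

# Show the recorded detections for this name with the files they pointed at.
$threat = Get-MpThreat | Where-Object ThreatName -eq $fpName
if ($threat) {
    Get-MpThreatDetection -ThreatID $threat.ThreatID |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName,
            @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize -Wrap
} else {
    "No $fpName entries in Defender's threat history."
}
```

If the listed resources all belong to the Chromium-based apps named earlier and no new entries appear after the update, the detections match the false positive described here.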
Uninstall the update causing the issue
Alternatively, you could uninstall the update that is causing the issue, even though this is not recommended.
- Type Control Panel in Windows search and press Enter
- Select Programs > Uninstall a program
- Click on View installed updates on the left side of the window
- Sort all the updates by date
- Right-click on the most recent update and select Uninstall
- Proceed with on-screen instructions and restart your PC.
[1] AV-TEST Product Review and Certification Report – May-Jun/2022. AV-Test. Independent IT-Security Institute.
[2] Behavior:Win32/Hive.ZY. Microsoft. Microsoft Security Intelligence.
[3] Change logs for security intelligence update version 1.373.1508.0. Microsoft. Microsoft Security Intelligence.
[4] Software bug. Wikipedia. The free encyclopedia.