Security platform Microsoft Defender has been incorrectly serving users of apps such as Google Chrome, Discord, and Twitch with false positive security alerts.
Users are getting a message, known as "Behavior:Win32/Hive.ZY", which Microsoft says is used to signal potentially malicious files often downloaded via channels such as email.
Perhaps reassuringly, "Hive" is the name of a ransomware-as-service (RaaS) operation which was implicated as the perpetrator of an attack on European consumer electronics retailer Media Markt in September 2021.
What now?
The bug has reportedly been addressed in Microsoft Defender update version 1.373.1537.0.
Users began reporting the bug on Micorosft support forums after the release of a Security Intelligence Update name KB2267602.
The timing of the update was also seemingly quite unfortunate, Microsoft US was enjoying a long holiday weekend for the Labor .
The common denominator of the apps impacted is that they are running Google’s open-source Chromium browser engine or the Electron JavaScript framework, an open-source software framework used by apps such as WhatsApp, Yammer, and Visual Studio Code.
This wouldn’t be the first instance of Microsoft's firewall reporting erroneous false positives about Chrome
Back in the dark ages of 2011, Microsoft Security Essentials and Microsoft Forefront labeled a Chrome executable as the ZeuS trojan which was aimed at stealing users' bank logins.
The issue reportedly left users unable to use Chrome for hours.
More recently, a number of Windows system admin reports demonstrated that Microsoft Defender for Endpoint had tagged browser updates made via the Google Update service as suspicious.
- Not happy with Windows Defender? Checkout our guide to the best antivirus software
