Microsoft admits Defender has “Behavior:Win32/Hive.ZY” false positives

A Microsoft official confirmed previous reports from multiple media outlets, acknowledging that Microsoft's built-in antivirus software, Microsoft Defender, flagged Google Chrome, the Chromium-based Edge browser, Discord and several other apps as "Behavior:Win32/Hive.ZY". The tech giant confirmed in a statement that the company is already working on a fix and will release a patch in the next few hours.


So what exactly is "Behavior:Win32/Hive.ZY"? According to the information shown in the Microsoft Security Bulletin, any file marked "Behavior:Win32/Hive.ZY" exhibits suspicious behavior. The label is used to flag potentially malicious files, especially those downloaded via email.

Starting with Microsoft Defender version 1.373.1508.0, a notification like the one below appears and your app may be flagged as malicious:

  • Microsoft Defender Antivirus for Windows 10, Windows 11, and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista.
  • Microsoft Safety Scanner

We've received confirmation from Microsoft that this activity is a false positive, but it creates a separate problem for companies like Google and Discord, as customers are apparently turning to them for support.

Author: King
Copyright: PCPai.COM
Permalink: https://pcpai.com/news/microsoft-admits-defender-has-behaviorwin32-hive-zy-false-positives.html
