Google Chrome not working? Microsoft Defender may be to blame


Security platform Microsoft Defender has been showing false positive security warnings to users of apps such as Google Chrome, Discord and Twitch.

Users get a message known as “Behavior:Win32/Hive.ZY”, which Microsoft says is used to flag potentially malicious files often downloaded through channels such as email.

Perhaps reassuringly, “Hive” is the name of a ransomware-as-a-service (RaaS) operation accused of attacking European consumer electronics retailer Media Markt in September 2021.

What now?

The bug has reportedly been fixed in Microsoft Defender update version 1.373.1537.0.
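To check a machine against that version, the following PowerShell sketch is an added example, not taken from the article or from Microsoft. It assumes Microsoft Defender Antivirus is the active engine and its standard cmdlets are available; the helper name `Test-DefenderIntelligenceFixed` is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on a Windows machine
# where Microsoft Defender Antivirus is the active antimalware engine.

# Version the article reports as carrying the fix.
$fixedVersion  = [version]'1.373.1537.0'
# Detection name quoted in the article.
$detectionName = 'Behavior:Win32/Hive.ZY'

# Hypothetical helper: compare as [version], not as strings. A string
# comparison would rank '1.373.999.0' above '1.373.1537.0'.
function Test-DefenderIntelligenceFixed {
    param([version]$Installed, [version]$Fixed)
    return $Installed -ge $Fixed
}

$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
"Installed security intelligence: $installed (updated $($status.AntivirusSignatureLastUpdated))"

if (-not (Test-DefenderIntelligenceFixed -Installed $installed -Fixed $fixedVersion)) {
    "Older than $fixedVersion, requesting a security intelligence update..."
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    "Now at: $installed"
}

# List what was flagged under that name, so detections can be reviewed and
# any quarantined items restored after confirming they belong to a known app.
$threatIds = Get-MpThreat |
    Where-Object ThreatName -eq $detectionName |
    Select-Object -ExpandProperty ThreatID

if ($threatIds) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threatIds } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources |
        Format-List
} else {
    "No recorded detections named $detectionName on this machine."
}
```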

Users started reporting the bug on Microsoft support forums after the release of a Security Intelligence Update named KB2267602.

The timing of the update was apparently also rather unfortunate: Microsoft US was enjoying a long holiday weekend for Labour Day.

The common denominator of the affected apps is that they use Google’s open-source Chromium browser engine or the Electron JavaScript framework, an open-source software framework used by apps such as WhatsApp, Yammer, and Visual Studio Code.

This Wouldn’t Be the First Time Microsoft’s Firewall Reports False Positives on Chrome

In the dark ages of 2011, Microsoft Security Essentials and Microsoft Forefront labeled a Chrome executable as the ZeuS Trojan that aimed to steal users’ banking logins.

The issue prevented users from using Chrome for hours.

More recently, a number of Windows system administrator reports showed that Microsoft Defender for Endpoint had marked browser updates made through the Google Update service as suspicious.