
September 4th, 2022 04:00

Behavior:Win32/Hive.ZY - **CONFIRMED** false positive 9/4/22

[EDIT:  Confirmation from Microsoft cited lower in this thread...]

I was surprised when Windows Defender suddenly alerted me that a "serious" threat had been detected on my computer, as I do my best to keep it "squeaky clean", and nothing was detected yesterday.

Unfortunately, the only information it gave me was the threat's "name", Behavior:Win32/Hive.ZY (and a process id#)... it did NOT indicate any particular file(s) where this allegedly was found, so I was unable to investigate/test further.

All I could find out officially was that "This generic detection for suspicious behaviors is designed to catch potentially malicious files".

"Generic", "suspicious" and "potentially" tended to confirm my belief that this was a false positive.

I then did a web search, and saw that MANY (hundreds?  thousands??) people started experiencing this today... in particular:

How can I stop Win32/Hive.ZY to try and get around windows - Microsoft Community :  this "Hive.ZY" threat pops-up shows up anytime a Chromium based application is launched. This means Chrome, Edge, and any Electron based apps like VS Code.

Behavior:Win32/Hive.ZY : antivirus (reddit.com)  If you got this threat : "Behavior:Win32/Hive.ZY" , it's a false positive.. you will be notified by Windows security that you got this threat whenever you open a trusted electron based apps , to avoid this don't update Windows until this problem is solved.

I *did* have EDGE open when the threat was detected.

I have "told" Defender to ALLOW this "threat".

EDIT:   Some sources allege that this F/P began with Defender's Definition/Update Version 1.373.1508.0 ( and has yet to be fixed despite several subsequent updates ).
