1 min

Microsoft patched a widespread Defender flaw that incorrectly identified common apps as harmful Hive ransomware payloads.

Over the weekend, Windows users and system administrators reported widespread issues due to a Defender update causing the antivirus solution to identify Electron-based and Chromium-based applications as threats.

Numerous users awoke to find that Windows Defender had identified Win32/Hive.ZY malware on their PC. Naturally, the alerts generated concern. Users had no idea how their system had become infected. Hundreds sought assistance on social networks and forums.


Even though the antivirus claimed it had quarantined the danger, an identical message would resurface after roughly two minutes. The frequent alerts caused confusion. Many users began analyzing their computers with third-party software like Malwarebytes to double-check the alerts.

Apps like Slack, Chrome, Edge, Discord and Spotify were impacted. Launching an affected application triggered the Defender alert. The notice informed users that Defender had prevented a threat and that the program in question was uninstalled. In reality, the apps were untouched and the alerts continued to come in.


Many users reported that the Microsoft security intelligence update for Defender issued on Sunday morning caused the malfunction. Microsoft published a total of four updates throughout the day. The bug was eventually repaired with version 1.373.1537.0, released roughly 12 hours after the problem started occurring. Windows users are advised to update to 1.373.1537.0 or a later version.

Tip: Google Chrome updates trigger false positives in Microsoft Defender