Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

Microsoft Defender Mistakenly Saw a Threat in Chrome and Electron Apps

Now Reading
Microsoft Defender Mistakenly Saw a Threat in Chrome and Electron Apps

Due to a bug in an update, Microsoft Defender incorrectly identified Google Chrome, Microsoft Edge, Discord, Spotify, and other Electron apps as a Win32/Hive.ZY threat every time they ran on Windows.

Let me remind you that we also said that Microsoft Defender Scanner for Log4j Problems finds non-existent bugs, and also that LockBit Ransomware Uses Windows Defender to Download Cobalt Strike.

The problem of false positives manifested itself last weekend, after the release of signature update 1.373.1508.0. This update includes two new threats, including the already mentioned Win32/Hive.ZY. Microsoft writes that this is a universal identifier for suspicious behavior, which will come in handy when “detecting potentially malicious files.”

Users from all over the world wrote on Twitter and on Reddit that warnings about the detection of a serious threat appear every time they launch a browser or any application based on Electron.

This alert appears even when I reactivate my music! Malware Bytes and Windows Defender can’t find any suspicious file, and when you click on the threat, it is in the history but doesn’t exist anymore, as if Windows couldn’t find the source.for example, Reddit user Sedorriku0001 writes.

Of course, neither Spotify, nor Chrome, nor other legitimate applications were associated with malware, but rather annoying false positives.

Microsoft Defender and Chrome

After a flurry of reports about a bug in Microsoft Defender, developers have already released three updates in an effort to fix the problem. The most recent one (1.373.1537.0) seems to have finally fixed the problem and rid users of false positives and the “phantom” Win32/Hive.ZY.

It must be said that this is far from the first case of its kind, and false positives have existed for as long as antiviruses themselves. For example, in 2020, the Microsoft Defender ATP (Advanced Threat Protection) enterprise solution added a lot of gray hair to administrators when it allegedly detected Mimikatz and Cobalt Strike infections on devices. Back in 2011, a signature update for Microsoft Security Essentials and Microsoft Forefront identified the Chrome for Windows executable as a component of the notorious ZeuS Trojan.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response