September 30, 2023

Microsoft has fixed a bug in the Windows Defender that identified the Chromium browser engine and/or Electron JavaScript framework as Hive ransomware and recommended removal.

Numerous social media and forum posts detailed how Windows has produced a warning of “Behavior:Win32/Hive.ZY” when users run everyday applications like Google’s Chrome browser or the Spotify music streamer.


Hive is a nasty ransomware-as-a-service outfit, so it’s a good thing that Windows Defender antivirus can detect and warn against the presence of its pernicious products. But neither Spotify nor Chrome are malware or ransomware. Users were therefore a tad miffed at Windows making constant suggestions to the contrary.

It’s been diagnosed as a false positive produced by Windows Defender, possibly due to recent browser updates somehow confusing matters.

Microsoft’s changelog for antimalware products recorded a flurry of eight updates to Windows Defender dated September 4th, suggesting concerted action to resolve the issue. Version 1.373.1537.0 appears to have done the trick and the flagging as disappeared.


This is not the first time Microsoft has identified Chrome as Malware: the archive records show a similar incident in 2011!

Leave a Reply

%d bloggers like this: