SoylentNews

APK Hosts File Engine sucks [github.com] writes:

A recent bug in security intelligence updates for Microsoft Defender is causing it to incorrectly detect Chrome-based browsers and other Electron-based apps as potential malware [bleepingcomputer.com]. Microsoft Edge and other such apps are flagged as suspicious, reporting the threat as Behavior:Win32/Hive.ZY [microsoft.com]. The issue seems to be resolved when upgrading to version 1.373.1537.0 [theregister.com] of the security intelligence updates, and the changelog [microsoft.com] reports an update to the threat detection for Behavior:Win32/Hive.ZY. After updating Microsoft Defender's security intelligence, the false positive disappears, and no further action is needed.

The false positive appears to be linked to detecting behaviors that would indicate the presence of Hive ransomware [trendmicro.com]. It's obviously a good thing to detect Hive ransomware and block it, but this panicked many users over the weekend whose computers warned them upon opening many trusted applications. Details are scarce as to what went wrong in the Microsoft Defender definitions and how the false positive occurred, but the issue seems to have been resolved with the latest definitions.

Although Microsoft Edge does not contain the Hive ransomware, some users might suggest that Edge was correctly identified as malware, and that the rest of Windows should have been flagged as well.

Original Submission