Threat blocked Behavior:Win32/Hive.ZY


After a standard Windows Update and restart I had my Microsoft Defender Antivirus security service freak out (and me with it) with constant notifications regarding a blocked severe threat.

The blocked threat was detected as: Behavior:Win32/Hive.ZY

In short, this was a false positive and took over 8 hours and 4 different Security Intelligence Updates for Microsoft Defender Antivirus to resolve the (non) issue.

It sucks that this had to happen, but I am appreciative that the team at Microsoft was able to correct their error and get it resolved.




Wanting to be more safe than sorry, I immediately updated my previously installed Malwarebytes anti-malware and anti-virus program. I then disabled my Ethernet adapter, which removed internet access from my PC without having to physically remove the cable.

I then ran a full system scan (including rootkits) with Malwarebytes which returned no results, as expected. I say this was expected because I run no software that hasn’t been previously vetted on my computer. While I waited for the Malwarebytes scan to complete I ran through the usual spots where malware hides within Windows Registry Editor looking for anything suspicious, checked the running services, reviewed the task scheduler and so on and so forth.

All in all, I wasted no less than a full hour, probably two, of my time running through my machine, but I am happy that everything appears to be fine. Just because I am an experienced technology support technician doesn’t mean I am perfect. New and more creative threats are appearing all the time. Stay observant and vigilant, my friends!
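For readers triaging the same notification, the following PowerShell is an added example and not part of the original post. It uses the built-in Defender cmdlets to show which Security Intelligence version is installed and what Defender recorded for the threat name, so the detection can be compared before and after an update. It assumes an elevated session, and the update step needs the network adapter re-enabled.

```powershell
# Added example: correlate Defender's stored detections for the threat name
# on this page with the installed Security Intelligence version.
$threatName = 'Behavior:Win32/Hive.ZY'   # name shown in the notification

# 1. Which Security Intelligence (signature) and engine versions are installed?
$status = Get-MpComputerStatus
[pscustomobject]@{
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    EngineVersion    = $status.AMEngineVersion
} | Format-List

# 2. Find the stored threat record by name, then list every detection for it.
$threats = @(Get-MpThreat | Where-Object ThreatName -eq $threatName)
if (-not $threats) {
    Write-Host "No stored threat record named $threatName"
} else {
    $ids = $threats.ThreatID
    Get-MpThreatDetection |
        Where-Object { $ids -contains $_.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, DomainUser,
                      ActionSuccess, AMProductVersion,
                      @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
        Format-List
}

# 3. Pull the latest Security Intelligence and report the new version.
#    Requires network access, so re-enable the adapter first.
Update-MpSignature
(Get-MpComputerStatus).AntivirusSignatureVersion
```

The `ProcessName` and `Resources` fields show what Defender attributed the behavior to, and the timestamps show whether detections stop once a newer Security Intelligence version is installed.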



As always, I welcome your thoughts, questions or suggestions on my article covering the false positive blocked threat labeled as Behavior:Win32/Hive.ZY.

You may support my work by sending me a tip using your Brave browser or by sending me a one-time donation using your credit card.

Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.