Microsoft Defender Misidentifies DigiCert Certificates As Malware, Triggering Global Disruptions
https://www.linkedin.com/pulse/microsoft-defender-misidentifies-digicert-certificates-n9yne
Publish Date: 2026-05-04 05:00:00
Source Domain: www.linkedin.com
A significant technical malfunction in Microsoft Defender has triggered widespread alarm across the global cybersecurity community, after the platform mistakenly identified legitimate digital certificates issued by DigiCert as malicious software. The error, which surfaced in late April, led to false-positive detections labeled Trojan:Win32/Cerdigent.A!dha and, in some cases, the automatic removal of critical certificates from Windows systems.
False Positives Spark Global Concern
The issue first emerged following a routine security intelligence update rolled out on April 30. Shortly afterward, system administrators and IT professionals across multiple regions began reporting anomalous alerts. These warnings indicated that trusted DigiCert root certificates—essential components of secure internet communication—were being flagged as trojans.
It appears the detections coincided precisely with the Defender signature update. As reports multiplied, it became clear that the problem was not isolated but was affecting enterprise environments, managed networks, and individual users alike.
On impacted machines, the flagged certificates were not only detected but also removed from the Windows trust store, specifically within the system registry path:
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
The removal of these certificates can disrupt secure connections, software validation, and encrypted communications—core functions of modern operating systems.
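One way to check a machine for the removal described above, as an added example that is not part of the original article: a PowerShell script that compares the thumbprints under the AuthRoot registry path with a baseline and lists the DigiCert roots still present. The baseline file name `authroot-baseline.txt` and its one-thumbprint-per-line format are assumptions.

```powershell
# Added example, not from the article. Assumption: authroot-baseline.txt is a
# hypothetical file holding one SHA-1 thumbprint per line, exported from a
# known-good machine before the April 30 update.
param([string]$BaselinePath = '.\authroot-baseline.txt')

$storeKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'

# Subkey names under the store key are the certificates' SHA-1 thumbprints.
$present = @(Get-ChildItem -Path $storeKey -ErrorAction Stop |
    ForEach-Object { $_.PSChildName.ToUpperInvariant() })

# Normalize the baseline and ignore blank or malformed lines.
$baseline = @(Get-Content -Path $BaselinePath -ErrorAction Stop |
    ForEach-Object { $_.Trim().ToUpperInvariant() } |
    Where-Object { $_ -match '^[0-9A-F]{40}$' })

# Thumbprints in the baseline that are no longer in the registry store.
$missing = @($baseline | Where-Object { $_ -notin $present })

# DigiCert roots still visible through the certificate provider.
$digicert = @(Get-ChildItem -Path Cert:\LocalMachine\AuthRoot |
    Where-Object { $_.Subject -like '*DigiCert*' } |
    Select-Object Thumbprint, Subject, NotAfter)

"Certificates in registry store : $($present.Count)"
"DigiCert roots present         : $($digicert.Count)"
$digicert | Format-Table -AutoSize | Out-String

if ($missing.Count -gt 0) {
    # Windows can fetch third-party roots on demand, so a gap is a lead to
    # investigate, not proof that Defender removed the certificate.
    Write-Warning "$($missing.Count) baseline thumbprint(s) missing from AuthRoot:"
    $missing
    exit 1
}
'AuthRoot matches baseline.'
```

The baseline can be produced on a reference machine by piping the same `Get-ChildItem` thumbprint expression to `Set-Content`.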
…