Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Publish Date: 2026-05-03 14:11:00
Source Domain: www.bleepingcomputer.com
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows.
According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th.
Today, administrators worldwide began reporting that DigiCert root certificate entries were flagged as malware and, on affected systems, removed from the Windows trust store.
According to a Reddit post about the false positives, the detected certificates are:
- 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
On impacted systems, these certificates were removed from the AuthRoot store under this Registry key:
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
These false positives have led to concern among Windows users, with some thinking their devices were infected and reinstalling the operating system to be safe.
[Image: Microsoft Defender “Trojan:Win32/Cerdigent.A!dha” false positive. Source: Reddit]
Microsoft has reportedly fixed the detections in Security Intelligence update version 1.449.430.0, and the most recent update is now 1.449.431.0.
Other reports on Reddit indicate that the fix also restores previously removed certificates on affected systems.
The new Microsoft Defender updates will install automatically, and Windows users can manually force an update by going to Windows Security > Virus and threat protection > Protection updates and clicking Check for Updates.
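The following PowerShell triage is an added example, not code from the article or from Microsoft. It compares the installed Security Intelligence version with the fixed version reported above, checks for the two thumbprints in the AuthRoot store and its registry key, and lists any recorded detections under the threat name. It assumes an elevated session on a host where the Defender cmdlets are available.

```powershell
# Added example (not from the article). Read-only: nothing is changed on the host.
# Thumbprints, registry key, threat name and fixed version are the ones quoted in the article.
$Thumbprints = @(
    '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43',
    'DDFB16CD4931C973A2037D3FC83A4D7D775D05E4'
)
$RegBase      = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'
$ThreatName   = 'Trojan:Win32/Cerdigent.A!dha'
$FixedVersion = [version]'1.449.430.0'

# 1. Is the installed Security Intelligence version at or past the reported fix?
$sigVersion = [version](Get-MpComputerStatus).AntivirusSignatureVersion
[pscustomobject]@{
    InstalledVersion = $sigVersion
    FixedVersion     = $FixedVersion
    HasFix           = ($sigVersion -ge $FixedVersion)
} | Format-List

# 2. Is each certificate present in the store and in the backing registry key?
$Thumbprints | ForEach-Object {
    $cert = Get-Item -Path "Cert:\LocalMachine\AuthRoot\$_" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Thumbprint = $_
        InStore    = [bool]$cert
        InRegistry = Test-Path -Path "$RegBase\$_"
        Subject    = if ($cert) { $cert.Subject } else { '(not present)' }
    }
} | Format-Table -AutoSize

# 3. Did Defender record this detection on the host, and when?
$threatIds = @(Get-MpThreat -ErrorAction SilentlyContinue |
    Where-Object { $_.ThreatName -eq $ThreatName } |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Output "No recorded detections of $ThreatName on this host."
} else {
    Get-MpThreatDetection |
        Where-Object { $threatIds -contains $_.ThreatID } |
        Select-Object InitialDetectionTime, RemediationTime, ActionSuccess, Resources |
        Format-List
}
```

A thumbprint missing from AuthRoot is not by itself proof that Defender removed it, because Windows can install third-party roots on demand; read the store result together with the detection history.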
Possibly linked to a recent DigiCert breach
The false positives occur shortly after a disclosed DigiCert security incident that enabled threat actors to obtain valid code-signing certificates used to sign malware.
“A malware incident targeted a customer support team member. Upon detection, the threat vector was contained,” explains the DigiCert incident report.
“Our…