Defender Falsely Flags DigiCert Root Certs as Malware
Microsoft Defender wrongly flags legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, causing false alerts and trust store removals after an April 30 update. Microsoft has fixed it in the latest security intelligence update amid a recent DigiCert breach that exposed code-signing certificates to attackers.

Cybersecurity expert Florian Roth notes the issue emerged after Microsoft added the detections in a Defender signature update on April 30. Administrators worldwide report DigiCert root certificate entries flagged as malware, with affected systems removing them from the AuthRoot store under the registry key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\.
The flagged certificates bear hashes 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. Concerned Windows users have reinstalled their operating systems, fearing infection.
Microsoft reportedly fixed the detections in Security Intelligence update version 1.449.430.0; the latest version is now 1.449.431.0. The update also restores the removed certificates and installs automatically, though users can force it via Windows Security > Virus and threat protection > Protection updates > Check for updates.
The false positives follow a recent DigiCert security incident where threat actors obtained valid code-signing certificates for malware. Attackers targeted support staff in early April with malicious ZIP files disguised as screenshots. After compromising devices, they accessed initialization codes for pending EV code-signing orders via an internal portal, leading DigiCert to revoke 60 certificates, including 27 linked to malware.
EXPERT TAKE
Expert Take: Administrators should check Windows Security for the latest Defender update to restore any removed DigiCert root certificates from the trust store.
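As an added example (not from the article or from Microsoft), the following PowerShell check verifies on a Windows host whether the loaded Defender signature version already includes the fix, whether the two DigiCert root thumbprints quoted above are still present in the AuthRoot store, and whether the false-positive name appears in Defender's detection history; the version number, thumbprints and registry path are the values the article reports.

```powershell
# Added example: audit a host for the DigiCert root false positive described above.
# Run in an elevated PowerShell session. Values below are taken from the article.
$FixedVersion = [version]'1.449.430.0'
$Thumbprints  = @(
    '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43',
    'DDFB16CD4931C973A2037D3FC83A4D7D775D05E4'
)
$AuthRootKey  = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'

# 1. Is the loaded signature version at or past the one that carries the fix?
$sigVer = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($sigVer -lt $FixedVersion) {
    Write-Warning "Signature version $sigVer predates the fix ($FixedVersion); run Update-MpSignature."
} else {
    Write-Host "Signature version $sigVer includes the fix."
}

# 2. Is each flagged root still present, both in the registry-backed AuthRoot
#    key and as seen through the certificate provider?
#    Caveat: AuthRoot is populated on demand by the automatic root update, so a
#    root that this machine never needed may legitimately be absent.
foreach ($tp in $Thumbprints) {
    $inRegistry = Test-Path -Path (Join-Path $AuthRootKey $tp)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\AuthRoot |
            Where-Object { $_.Thumbprint -eq $tp }
    if ($inRegistry -and $cert) {
        Write-Host "$tp present: $($cert.Subject)"
    } else {
        Write-Warning "$tp not in AuthRoot (registry: $inRegistry, store: $([bool]$cert)); update signatures and re-check."
    }
}

# 3. Did Defender record the false-positive detection on this host?
Get-MpThreat |
    Where-Object { $_.ThreatName -like '*Cerdigent*' } |
    Select-Object ThreatName, SeverityID, IsActive
```

If step 1 reports an old version, run Update-MpSignature and repeat the check, since the fixed update is what restores the removed entries.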