MICROSOFT DEFENDER FALSELY FLAGS DIGICERT CERTS
INDUSTRY DESK■ 2 MIN READ
SUN, MAY 3, 2026■ AI-SUMMARIZED FROM 1 SOURCE BELOW
Microsoft Defender is mistakenly identifying legitimate DigiCert root certificates as malware, triggering widespread false-positive alerts and certificate removals on Windows systems.
Microsoft Defender's threat detection engine has begun flagging DigiCert root certificates with the malware classification Trojan:Win32/Cerdigent.A!dha, creating significant disruption across enterprises and users relying on DigiCert's certificate infrastructure.
The false positives have resulted in automatic certificate removal from affected Windows systems, potentially disrupting SSL/TLS connections and authentication processes for services using DigiCert certificates. Users report alerts and quarantine actions despite the certificates being legitimate and widely trusted.
DigiCert, one of the world's largest certificate authorities, has confirmed the certificates in question are genuine and secure. The issue appears to stem from a detection signature error within Microsoft Defender's malware definitions rather than any compromise of DigiCert's infrastructure.
The incident highlights a recurring problem in security software: overly aggressive or poorly calibrated detection rules can disable legitimate security infrastructure. Previous similar incidents have caused widespread outages when antivirus engines incorrectly flagged critical system files or trusted software.
Microsoft has not yet released an official statement addressing the scope of affected systems or a timeline for resolution. Users experiencing these false positives are advised to whitelist DigiCert certificates in Defender settings as a temporary workaround, though enterprise environments may lack granular controls for immediate mitigation.
The situation underscores the tension between security software attempting to catch emerging threats and the risk of disrupting legitimate operations. Organizations dependent on DigiCert certificates are monitoring the situation closely, as the misdetection could impact millions of systems globally.
This incident may prompt broader discussions about coordination between certificate authorities and antivirus vendors, particularly regarding pre-release testing of detection signatures against known legitimate certificates.
■ MORE FROM THE SECURITY DESK
Utah has become the first U.S. state to hold websites liable for users who mask their location with VPNs. The law requires sites to verify age or face penalties for serving restricted content to minors.
5H AGO— Industry Desk
Retail stores using AI facial recognition systems are misidentifying customers as shoplifters, then offering no support to clear their names. Affected shoppers report being publicly shamed and ejected from stores based on flawed technology.
5H AGO— Industry Desk
Cybersecurity researchers have discovered a large-scale fraud operation leveraging Telegram's Mini App feature to run cryptocurrency scams, impersonate brands, and deliver Android malware to users.
6H AGO— Security Desk
A new privacy-focused tool called Do_not_track is drawing significant developer interest, with 122 upvotes and 50 comments on Hacker News. The project addresses growing concerns about web tracking and user data collection.
10H AGO— Industry Desk