Microsoft Defender Flags DigiCert Certificates as Trojan

Microsoft Defender is currently flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha. BleepingComputer reports that this false positive is not only generating widespread alerts but, in some instances, is also leading to the removal of these critical certificates from Windows systems.

This isn’t a minor annoyance; it’s a critical operational disruption. When legitimate root certificates are removed, it breaks trust chains, impacting everything from secure website access to application functionality and internal network communications. Organizations relying on these certificates for their infrastructure or applications are seeing unexpected outages and security warnings.

Attackers thrive on chaos and weakened trust. While this is a false positive, the disruption it causes for defenders is very real. It wastes SOC time, introduces uncertainty, and creates an environment where actual threats could be missed amidst the noise.

What This Means For You

  • If your organization runs Windows systems with Microsoft Defender, check for `Trojan:Win32/Cerdigent.A!dha` alerts now. Prioritize validating whether these detections are indeed false positives on legitimate DigiCert certificates. Do not automatically quarantine or remove the flagged items, as this will break critical system functionality. Be ready to restore removed certificates and implement exclusions if Microsoft doesn't push a fix rapidly.
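A triage script for the check above, added here as an example and not taken from the article or from Microsoft: it lists Defender detections carrying this threat name, inventories the DigiCert roots still in the machine Trusted Root store, and compares them against a baseline of thumbprints. It assumes the built-in Defender PowerShell module and local administrator rights; the baseline path is a placeholder you would capture on a known-good host.

```powershell
# Added triage example (not from the original article). Assumes the Defender
# PowerShell module (Windows 10/11, Server 2016+) and local admin rights.
# The threat name is the one reported in the article; the baseline path is a placeholder.
$ThreatName   = 'Trojan:Win32/Cerdigent.A!dha'
$BaselinePath = 'C:\Baseline\digicert-roots.txt'   # assumed: one thumbprint per line, from a known-good host

# 1. Find detections for this signature and show what Defender acted on.
$threats = Get-MpThreat | Where-Object ThreatName -eq $ThreatName
if (-not $threats) {
    Write-Host "No $ThreatName detections on this host."
} else {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threats.ThreatID } |
        Select-Object InitialDetectionTime, ActionSuccess, ProcessName, Resources |
        Format-List
}

# 2. Inventory the DigiCert roots still present in the machine Trusted Root store.
$present = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match 'DigiCert' } |
    Select-Object Subject, Thumbprint, NotAfter

Write-Host "`nDigiCert roots present: $($present.Count)"
$present | Format-Table -AutoSize

# 3. Compare against the baseline to see which roots may have been removed.
#    Restore from the original .crt file (after verifying it is the genuine
#    certificate) with: certutil -addstore Root <file>.crt
if (Test-Path $BaselinePath) {
    $expected = Get-Content $BaselinePath | Where-Object { $_ -match '^[0-9A-Fa-f]{40}$' }
    $missing  = $expected | Where-Object { $_ -notin $present.Thumbprint }
    if ($missing) {
        Write-Warning "DigiCert root thumbprints missing from the store (possible false-positive removal):"
        $missing | ForEach-Object { Write-Warning "  $_" }
    } else {
        Write-Host "All baselined DigiCert roots are present."
    }
} else {
    Write-Host "No baseline at $BaselinePath; skipping comparison."
}
```

A root absent from `Cert:\LocalMachine\Root` is not by itself proof of removal, since Windows fetches many roots on demand through the Automatic Root Update program; treat the Defender detection records in step 1 as the authoritative sign that a certificate was acted on.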