Windows reports trojans en masse; Microsoft apologizes to users, saying it is a bug

A large number of users of Windows 10, Windows 11 and Windows Server operating systems faced serious security warnings after the built-in Microsoft Defender started detecting a threat labeled as Trojan:Win32/Cerdigent.A!dha. The warnings caused a global panic, because in some cases legitimate files were marked as infected, including even official installation ISO images of the system.

Microsoft reacted quickly and confirmed that it was a false positive, that is, a detection error. The cause of the problem traces back to an incident at DigiCert, where an employee’s device was compromised and private keys for digital certificates were published. As an emergency measure, DigiCert revoked about 60 certificates in mid-April.

Windows Defender detection error caused by certificate issue

Microsoft then linked these certificates to potential malware and implemented aggressive detection rules. However, the problem arose because many legitimate programs had been using the same digital signing certificates for years, so they were automatically flagged as a threat. In some cases, the detection went a step further, and even system files and root certificates were misidentified as malware.


The situation further escalated when users reported that warnings appeared on clean installations of Windows systems, including official ISO files downloaded from the Microsoft site. This clearly indicated a systemic error in the way Defender interprets revoked certificates.

Microsoft has since released a fix through security update version 1.449.430.0 and later, which resolves the issue. Users are advised to manually check for updates through Windows Security and install the latest version of definitions to eliminate false detections.
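The check described above can be scripted on an endpoint. This is an added example, not code from Microsoft or the original article. It assumes the built-in Defender PowerShell module is available and the session is elevated; the version number and detection name are the ones quoted in this article.

```powershell
# Values taken from the article
$FixedVersion = [version]'1.449.430.0'
$ThreatName   = 'Trojan:Win32/Cerdigent.A!dha'

# Compare the installed definition version with the fixed one
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($current -lt $FixedVersion) {
    Write-Output "Definitions $current are older than $FixedVersion; updating."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

if ($current -ge $FixedVersion) {
    Write-Output "Definitions at $current include the fix."
} else {
    Write-Warning "Definitions still at $current; update did not reach $FixedVersion."
}

# List what Defender recorded under this detection name so the
# affected files can be reviewed individually.
$threatIds = Get-MpThreat |
    Where-Object ThreatName -eq $ThreatName |
    Select-Object -ExpandProperty ThreatID

Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $threatIds } |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Resources = $_.Resources -join '; '
        }
    }
```

The listing only reports recorded detections; it does not restore or delete anything.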

This incident shows how sensitive protection systems are to changes in the infrastructure of digital certificates, but also how quickly a misconfiguration can cause a global disruption in the operation of computers and software.
