Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Summary

Microsoft Defender is incorrectly flagging legitimate DigiCert root certificates as malicious, specifically identifying them as Trojan:Win32/Cerdigent.A!dha. This false-positive detection is causing widespread alerts and, in some instances, leading to the removal of these essential certificates from Windows systems. DigiCert is actively working with Microsoft to resolve the issue and restore proper trust to their certificates.

IFF Assessment

FOE

This incident is bad news for defenders. DigiCert's CA is not compromised; the problem is that a false positive which quarantines a trusted root certificate breaks validation of every chain anchored to that root, so affected hosts can see failing TLS connections, code-signature checks and software installs until the root is restored, while the flood of alerts makes genuine detections harder to triage.

Defender Context

Defenders should be aware of this widespread false-positive issue affecting DigiCert certificates on Windows systems. It is a reminder that even trusted security software can cause unintended disruption, and that alerts should be verified rather than acted on blindly. Before letting remediation run, confirm what was actually flagged: compare the flagged object's thumbprint against DigiCert's published root list, check whether the root is still present in the machine's Root store, and look at what Defender has quarantined. If a root was removed, every certificate chain anchored to it stops validating until it is restored. Scope any exclusion narrowly and treat it as a stopgap until corrected definitions arrive.
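A triage script for the checks described above, added here as an example; it is not from the article, Microsoft or DigiCert. It assumes a Windows 10/11 or Server host with the Defender and PKI PowerShell modules, an elevated prompt, and that the administrator supplies the expected DigiCert root thumbprints (taken from DigiCert's published root list) via the hypothetical `-ExpectedThumbprints` parameter; the threat name is the one the article reports.

```powershell
# Cerdigent false-positive triage. Added example, not code from the article, Microsoft or DigiCert.
# Assumes Windows 10/11 or Server 2016+ with the Defender and PKI modules, run from an elevated prompt.
param(
    [string]   $ThreatName          = 'Trojan:Win32/Cerdigent.A!dha',  # name reported in the article
    [string[]] $ExpectedThumbprints = @()   # fill from DigiCert's published root list (hypothetical baseline)
)

# 1. What did Defender detect under this name, on which resources, and did the action succeed?
$threats = Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName }
if (-not $threats) {
    Write-Host "No threats named $ThreatName in Defender history on this host."
} else {
    $ids = @($threats.ThreatID)
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $ids } |
        Select-Object InitialDetectionTime, ThreatStatusID, ActionSuccess, ProcessName, Resources |
        Format-List
}

# 2. Which DigiCert roots are still present in the stores Windows consults for chain building?
$stores  = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\Root'
$present = foreach ($s in $stores) {
    Get-ChildItem -Path $s | Where-Object { $_.Subject -like '*DigiCert*' } | ForEach-Object {
        [pscustomobject]@{ Store = $s; Thumbprint = $_.Thumbprint; Subject = $_.Subject; NotAfter = $_.NotAfter }
    }
}
$present | Format-Table -AutoSize

# 3. Compare against the supplied baseline so a quarantined root stands out explicitly.
if ($ExpectedThumbprints) {
    $missing = $ExpectedThumbprints | Where-Object { $_.ToUpper() -notin @($present.Thumbprint) }
    if ($missing) { Write-Warning "DigiCert roots missing from the trust stores: $($missing -join ', ')" }
    else          { Write-Host 'All expected DigiCert roots are present.' }
}

# 4. List what Defender holds in quarantine. Restore only after the item is confirmed by thumbprint
#    to be a genuine DigiCert root, with:  MpCmdRun.exe -Restore -Name <threat name>
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
```

Run it on a host that raised the alert and on a known-good host; the difference in step 2's output, together with step 4's quarantine listing, tells you whether the detection actually removed a root or only raised noise.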
