| DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates |
|---|---|---|

| Status | serviceDegradation |
|---|---|
| Classification | incident |
| User Impact | Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined. |
| Last Updated | 05/03/2026 17:35:47 |
| Start Time | 05/03/2026 16:11:06 |
| End Time | |
| Latest Message | Title: Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates<br>User impact: Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.<br>More info: Users may have received an alert in Microsoft Defender Antivirus notifying them of the following alert: Affected users should update to Security Intelligence Version 1.449.430.0 or a later version to remediate impact.<br>Current status: We continue to encourage users to upgrade to the new version of Microsoft Defender Antivirus Security Intelligence (Version 1.449.430.0), which contains a hotfix to remediate the erroneous alerts. In parallel, we’re developing a solution to restore files and certificates that were incorrectly quarantined due to the alerts.<br>Scope of impact: Some users may receive alerts in Microsoft Defender for Antivirus notifying them of false positive alerts for specific certificates. This section may be updated as the investigation progresses.<br>Start time: Sunday, May 03, 2026, at 9:14 AM UTC<br>Root cause: A detection logic issue in a recent Security Intelligence update caused legitimate files or certificates to be incorrectly identified as “Trojan:Win32/Cerdigent.A!dha.”<br>Next update by: Sunday, May 03, 2026, at 7:30 PM UTC |