| DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates |
|---|---|---|

| Status | serviceDegradation |
|---|---|
| Classification | incident |
| User Impact | Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined. |
| Last Updated | 05/03/2026 21:36:13 |
| Start Time | 05/03/2026 08:52:00 |
| End Time | |
| Latest Message | Title: Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates<br>User impact: Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.<br>More info: Users may have received an alert in Microsoft Defender Antivirus notifying them of the following alert:<br>Affected users should update to Security Intelligence Version 1.449.430.0 or a later version to remediate impact.<br>Current status: Our service continues to remain healthy following our mitigative actions; we’ve confirmed that no new false positive alerts are being sent. Our workstream to recover quarantined files and certificates is ongoing; however, more investigation is required. We’re further analyzing the nature of quarantined files and certificates to determine our next steps.<br>Scope of impact: Some users may receive alerts in Microsoft Defender for Antivirus notifying them of false positive alerts for specific certificates.<br>Start time: Sunday, May 03, 2026, at 9:14 AM UTC<br>Root cause: A detection logic issue in a recent Security Intelligence update caused legitimate files or certificates to be incorrectly identified as “Trojan:Win32/Cerdigent.A!dha.”<br>Next update by: Monday, May 04, 2026, at 12:30 AM |