SHD / MC Checker

[serviceDegradation] DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates




Status: serviceDegradation
Classification: incident
User Impact: Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.
Last Updated: 05/03/2026 16:51:37
Start Time: 05/03/2026 16:11:06
End Time:
Latest Message:

Title: Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates

User impact: Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.

More info: Users may have received an alert in Microsoft Defender Antivirus notifying them of the following alert:
“‘Cerdigent’ high-severity malware was detected
Malware: Trojan:Win32/Cerdigent.A!dha”

Affected users should update to Security Intelligence Version 1.449.430.0 or a later version to remediate impact.

Current status: We’ve received reports from a subset of affected tenants utilizing Microsoft Defender Antivirus who may be receiving alerts notifying them of a false positive detection in Defender Antivirus, which reads as, “ThreatName – Trojan:Win32/Cerdigent.A!dha.” We’ve isolated that the threat was a detection logic issue in a recent Security Intelligence update which caused legitimate files or certificates to be incorrectly identified as “Trojan:Win32/Cerdigent.A!dha.” We’ve created and implemented new false positive suppression rules to prevent users from being impacted by these alerts, and we’ve also published a new version of Microsoft Defender Antivirus Security Intelligence (Version 1.449.430.0) containing a hotfix to remediate the alerts, which we urge users to upgrade to at this time. Simultaneously, we’re working to restore files and certificates that were incorrectly quarantined due to the alerts, and we aim to provide a timeline to remediation as soon as one becomes available.

Scope of impact: Some users may receive alerts in Microsoft Defender for Antivirus notifying them of false positive alerts for specific certificates. This section may be updated as the investigation progresses.

Start time: Sunday, May 03, 2026, at 9:14 AM UTC

Root cause: A detection logic issue in a recent Security Intelligence update caused legitimate files or certificates to be incorrectly identified as “Trojan:Win32/Cerdigent.A!dha.”

Next update by: Sunday, May 03, 2026, at 6:00 PM UTC
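
One way to confirm the remediation on an endpoint, as an added example that is not part of the Microsoft advisory: it compares the installed Security Intelligence version with the fixed version named above, updates if needed, and lists local detections recorded under the false positive name so the affected files can be reviewed. It assumes the built-in Defender PowerShell module and an elevated session; the variable names are illustrative.

```powershell
# Added example (not from the advisory). Run in an elevated PowerShell session.
$fixedVersion = [version]'1.449.430.0'              # fixed version named in the advisory
$threatName   = 'Trojan:Win32/Cerdigent.A!dha'      # detection name named in the advisory

# Compare the installed Security Intelligence version numerically, not as a string.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($current -lt $fixedVersion) {
    Write-Output "Security Intelligence $current is older than $fixedVersion; updating."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}
Write-Output "Installed: $current  At or above fixed version: $($current -ge $fixedVersion)"

# Find the local threat IDs that carry the false positive name.
$threatIds = @(Get-MpThreat |
    Where-Object { $_.ThreatName -eq $threatName } |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Output "No local detections recorded as $threatName."
} else {
    # Show when and on which resources the detection fired, for review.
    Get-MpThreatDetection |
        Where-Object { $threatIds -contains $_.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ThreatID, Resources |
        Format-List
}
```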