{"id":16248,"date":"2026-05-04T02:00:52","date_gmt":"2026-05-03T17:00:52","guid":{"rendered":"https:\/\/m365jp.net\/?p=16248"},"modified":"2026-05-04T02:02:15","modified_gmt":"2026-05-03T17:02:15","slug":"servicedegradation-dz1299600-microsoft-defender-xdr-some-users-may-receive-false-positive-alerts-from-microsoft-defender-antivirus-for-specific-certificates","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-05-04-servicedegradation-dz1299600-microsoft-defender-xdr-some-users-may-receive-false-positive-alerts-from-microsoft-defender-antivirus-for-specific-certificates","title":{"rendered":"[serviceDegradation] DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Status<\/th>\n<td class=\"bad\">serviceDegradation<\/td>\n<\/tr>\n<tr>\n<th>Classification<\/th>\n<td>incident<\/td>\n<\/tr>\n<tr>\n<th>User Impact<\/th>\n<td>Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/03\/2026 16:51:37<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>05\/03\/2026 16:11:06<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Latest Message<\/th>\n<td>Title: Some users may receive false positive alerts from Microsoft Defender Antivirus for specific certificates  <\/p>\n<p>  User impact: Users may receive false positive alerts from Defender Antivirus and see legitimate files or certificates quarantined.  <\/p>\n<p>  More info: Users may have received an alert in Microsoft Defender Antivirus notifying them of the following alert:<br \/>  &#8220;&#8216;Cerdigent&#8217; high-severity malware was detected<br \/>  Malware: Trojan:Win32\/Cerdigent.A!dha&#8221;<\/p>\n<p>  Affected users should update to Security Intelligence Version 1.449.430.0 or a later version to remediate impact.  <\/p>\n<p>  Current status: We&#8217;ve received reports from a subset of affected tenants utilizing Microsoft Defender Antivirus who may be receiving alerts notifying them of a false positive detection in Defender Antivirus, which reads as, &#8220;ThreatName &#8211; Trojan:Win32\/Cerdigent.A!dha.&#8221;   We&#8217;ve isolated that the threat was a detection logic issue in a recent Security Intelligence update which caused legitimate files or certificates to be incorrectly identified as \u201cTrojan:Win32\/Cerdigent.A!dha.\u201d We&#8217;ve created and implemented new false positive   suppression rules to prevent users from being impacted by these alerts, and we&#8217;ve also published a new version of Microsoft Defender Antivirus Security Intelligence (Version 1.449.430.0) containing a hotfix to remediate the alerts, which we urge users to upgrade   to at this time. Simultaneously, we&#8217;re working to restore files and certificates that were incorrectly quarantined due to the alerts, and we aim to provide a timeline to remediation as soon as one becomes available.  <\/p>\n<p>  Scope of impact: Some users may receive alerts in Microsoft Defender for Antivirus notifying them of false positive alerts for specific certificates. This section may be updated as the investigation progresses.  <\/p>\n<p>  Start time: Sunday, May 03, 2026, at 9:14 AM UTC <\/p>\n<p>  Root cause: A detection logic issue in a recent Security Intelligence update caused legitimate files or certificates to be incorrectly identified as \u201cTrojan:Win32\/Cerdigent.A!dha.\u201d  <\/p>\n<p>  Next update by: Sunday, May 03, 2026, at 6:00 PM UTC<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DZ1299600 | Microsoft Defender XDR | Some users may receive false positive alerts from Microsoft Defender Anti [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16248","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=16248"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16248\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=16248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=16248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=16248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}