Cyber: Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts and, in some cases, removing the certificates from Windows.

According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th. Today, administrators worldwide began reporting that DigiCert root certificate entries were flagged as malware and, on affected systems, removed from the Windows trust store.

According to a Reddit post about the false positives, the detected certificates are:

On impacted systems, these certificates were removed from the AuthRoot store under this Registry key:

These false positives have caused concern among Windows users, with some believing their devices were infected and reinstalling the operating system to be safe.

Microsoft has reportedly fixed the detections in Security Intelligence update version 1.449.430.0, and the most recent update is now 1.449.431.0. Other reports on Reddit indicate that the fix also restores previously removed certificates on affected systems.
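A host-level triage check for the situation described above, as an added example that is not from the article or from Microsoft: it reports whether the installed Security Intelligence version includes the reported fix, whether this host recorded the false-positive detection, and how many DigiCert entries are currently in the AuthRoot store. Assumptions: the `Cert:\LocalMachine\AuthRoot` provider path and the broad `*DigiCert*` subject filter stand in for the article's certificate list, which is not reproduced here; `Test-SignatureFixed` is a helper name introduced for this example.

```powershell
# Added triage example (not from the article). Run in an elevated PowerShell session.
$ThreatName   = 'Trojan:Win32/Cerdigent.A!dha'  # detection name reported in the article
$FixedVersion = [version]'1.449.430.0'          # first fixed Security Intelligence version per the article

# Hypothetical helper: compare versions numerically, not as strings
function Test-SignatureFixed {
    param([string]$Current, [version]$Fixed)
    return ([version]$Current) -ge $Fixed
}

# 1. Does the installed signature set already include the fix?
$status = Get-MpComputerStatus
$sigOk  = Test-SignatureFixed -Current $status.AntivirusSignatureVersion -Fixed $FixedVersion

# 2. Did this host record the false-positive detection?
$threats    = @(Get-MpThreat -ErrorAction SilentlyContinue |
                Where-Object { $_.ThreatName -eq $ThreatName })
$threatIds  = @($threats | ForEach-Object { $_.ThreatID })
$detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue |
                Where-Object { $threatIds -contains $_.ThreatID })

# 3. DigiCert entries currently present in the AuthRoot store
#    (assumption: broad subject match, not the article's exact list)
$digicert = @(Get-ChildItem Cert:\LocalMachine\AuthRoot |
              Where-Object { $_.Subject -like '*DigiCert*' })

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    SignatureVersion    = $status.AntivirusSignatureVersion
    SignatureHasFix     = $sigOk
    FalsePositiveHits   = $detections.Count
    FirstDetection      = ($detections | Sort-Object InitialDetectionTime |
                           Select-Object -First 1).InitialDetectionTime
    DigiCertInAuthRoot  = $digicert.Count
}

# Show which resources Defender acted on, for the incident record
$detections | Select-Object InitialDetectionTime, ThreatID, Resources | Format-List

# Pull current signatures if the host is still below the fixed version
if (-not $sigOk) {
    Write-Warning "Signature version $($status.AntivirusSignatureVersion) predates $FixedVersion; updating."
    Update-MpSignature
}
```

A host that shows `FalsePositiveHits` above zero with `SignatureHasFix` true is the case to re-run after the update and compare `DigiCertInAuthRoot` against an unaffected reference machine.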

Source: BleepingComputer