
Microsoft Defender flags DigiCert root certificates as malware, triggering trust disruptions
Microsoft Defender's late-April signature update falsely flagged DigiCert root certificates as malware, leading to their removal from the Windows trust store and to disruptions of secure connections. Microsoft issued emergency Defender definitions (1.449.430.0 and 1.449.431.0) to fix the issue and automatically restore the certificates. Although the timing overlaps with a DigiCert breach incident, Defender targeted root certificates, not EV signing certificates. The episode underscores the risk of false positives in automated threat detection and the need for layered security.