Microsoft: DigiCert Root Certificates Are Malware? Censys in SOC Triage
ID: b7c81731-d9a6-5ab8-bc01-2f1f38759228
STIX ID: report--b7c81731-d9a6-5ab8-bc01-2f1f38759228
Feed Name: Censys Blog
On May 3, 2026, Windows Defender repeatedly flagged two DigiCert root certificates as a Trojan, leading to quarantines of root-store entries and widespread alerts. Censys-based triage showed the certificates were legitimate root CAs (not revoked and trusted by major stores), and Microsoft resolved the false positives with a Security Intelligence update (1.449.430.0+). The incident illustrates the importance of authoritative certificate context in SOC investigations.
