Windows Defender Threat Detected : Trojan:Win32/Cerdigent.A!dha


Mine are in the original path

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
I wonder what it means that mine are in another registry path.
 

> I wonder what it means that mine are in another registry path.

Certs in the ROOT key (the trusted root CA certificates) are trusted unconditionally. It's assumed that an admin, a policy, or the OS put them there.

Certs in the AuthRoot key (the automatic root update store) are trusted only as long as Microsoft continues to trust them. They have to be in the Microsoft CTL and have a valid signature in order to be trusted. You can actually have a cert in this store and Microsoft can revoke it, and it will no longer work, even though it's present.

That last part is not true for the other store; those certs continue to work. That's why people concerned about malware keep a close eye on that trusted root store (the ROOT key).
 

> Certs in the ROOT key (the trusted root CA certificates) are trusted unconditionally. It's assumed that an admin, a policy, or the OS put them there.
>
> Certs in the AuthRoot key (the automatic root update store) are trusted only as long as Microsoft continues to trust them. They have to be in the Microsoft CTL and have a valid signature in order to be trusted. You can actually have a cert in this store and Microsoft can revoke it, and it will no longer work, even though it's present.
>
> That last part is not true for the other store; those certs continue to work. That's why people concerned about malware keep a close eye on that trusted root store (the ROOT key).

So mine being in the AuthRoot store are fine?
I'm assuming they were always there, I wouldn't have reason to check this until the problem on Sunday.
 

> Certs in the ROOT key (the trusted root CA certificates) are trusted unconditionally. It's assumed that an admin, a policy, or the OS put them there.
>
> Certs in the AuthRoot key (the automatic root update store) are trusted only as long as Microsoft continues to trust them. They have to be in the Microsoft CTL and have a valid signature in order to be trusted. You can actually have a cert in this store and Microsoft can revoke it, and it will no longer work, even though it's present.
>
> That last part is not true for the other store; those certs continue to work. That's why people concerned about malware keep a close eye on that trusted root store (the ROOT key).

Thank you, good to know.
 

> So mine being in the AuthRoot store are fine?
> I'm assuming they were always there, I wouldn't have reason to check this until the problem on Sunday.

I would say that's actually preferable. In terms of level of trust, the two are the same. The ones in AuthRoot can be revoked automatically, e.g. if they get compromised somehow, so that's good. Mine are in AuthRoot, and my PCs were off over this time period, so they never moved.
 

> I would say that's actually preferable. In terms of level of trust, the two are the same. The ones in AuthRoot can be revoked automatically, e.g. if they get compromised somehow, so that's good. Mine are in AuthRoot, and my PCs were off over this time period, so they never moved.

All I did when it flagged was quarantine, then I restored them after the Defender update. I guess they just went back where they were.
 

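For anyone who wants to see which of the two registry keys discussed in this thread physically holds each trusted root on their own machine, here is an added example (not posted by any participant in the thread). It assumes the ROOT key sits next to the AuthRoot path quoted in the first post, at `HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates`; the function name `Get-StoreThumbprints` is hypothetical. It only reads, so no elevation is needed.

```powershell
# Added example: report which registry key physically holds each trusted root.
# The Cert:\LocalMachine\Root view merges several physical stores, so the
# registry keys are read directly to tell ROOT and AuthRoot apart.
$base = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates'

function Get-StoreThumbprints {
    param([Parameter(Mandatory)][string]$Store)   # 'ROOT' or 'AuthRoot'
    $path = "$base\$Store\Certificates"
    if (Test-Path $path) {
        # Each subkey under ...\Certificates is named after a SHA-1 thumbprint.
        Get-ChildItem -Path $path | ForEach-Object { $_.PSChildName.ToUpperInvariant() }
    }
}

$root     = @(Get-StoreThumbprints -Store 'ROOT')
$authRoot = @(Get-StoreThumbprints -Store 'AuthRoot')

# Pull readable details (subject, expiry) from the certificate provider and
# label each certificate with the key(s) it was found under.
$report = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
    Sort-Object Thumbprint -Unique |
    ForEach-Object {
        $where = @()
        if ($root -contains $_.Thumbprint)     { $where += 'ROOT' }
        if ($authRoot -contains $_.Thumbprint) { $where += 'AuthRoot' }
        # Anything in neither key came from another physical store (e.g. policy).
        if (-not $where) { $where = @('other (policy/enterprise)') }
        [pscustomobject]@{
            Location   = $where -join '+'
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Subject    = $_.Subject
        }
    }

# ROOT-only entries are the unconditionally trusted ones worth reviewing first.
$report | Sort-Object Location, Subject | Format-Table -AutoSize -Wrap
```

Saving the output and comparing it against a later run shows whether certificates have moved between the two keys or new ROOT-only entries have appeared.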