Microsoft 365 Alert – Service Degradation – Microsoft Defender XDR – Users may intermittently fail to open reports connected to Direct Lake semantic models in Microsoft Fabric – RESOLVED

04/05/2026 08:51:00 AM

NHSmail Reference: INC46816239

Microsoft Reference: DZ1299600

Issue Status: RESOLVED

Issue Description: Users may intermittently fail to open reports connected to Direct Lake semantic models in Microsoft Fabric.

More info: Users may have received an alert in Microsoft Defender Antivirus notifying them of the following alert:
“‘Cerdigent’ high-severity malware was detected
Malware: Trojan:Win32/Cerdigent.A!dha”

Affected users were encouraged to update to Security Intelligence Version 1.449.430.0 or a later version to remediate impact.

While we were working to recover quarantined certificates and files, admins could have expedited recovery using the following command:
Open Command Prompt as administrator and navigate to:
C:\Program Files\Windows Defender
Run the following command:
MpCmdRun.exe -Restore -Name “Trojan:Win32/Cerdigent.A!dha” -All

This command restores all items quarantined under this detection name.

Final Update: 04/05/2026 08:37:00 AM– Microsoft has completed our investigation to identify files and certificates that were previously incorrectly quarantined and successfully recovered them, resolving impact for users.

Scope of impact: Some users may have received alerts in Microsoft Defender for Antivirus notifying them of false positive alerts for specific certificates.

Root cause: A detection logic issue in a recent antivirus intelligence update caused legitimate files or certificates to be incorrectly identified as “Trojan:Win32/Cerdigent.A!dha.”

Next steps: Microsoft are assessing our antivirus intelligence update process to minimize the introduction of future detection logic issues. They will provide a preliminary Post-Incident Report within two business days and a final Post-Incident Report within five business days.