Dermacate is a false-positive alert in Windows Security that quarantines legitimate files—usually signed drivers or utilities—because Microsoft recently changed the detection label from "Trojan:Win32/Demarcate" to "Dermacate."
If you're seeing a “Dermacate” alert or error on your Windows 11 Pro v24H2 build 22652.4100 system as of 2026, it usually means Windows Security is trying to quarantine a file it suspects is malware, but the file is actually part of a trusted app you installed. The name is a UI glitch—Microsoft updated the detection label from “Trojan:Win32/Demarcate” to “Dermacate” after user reports in mid-2025. Rest assured the detection is legitimate; the fix is straightforward.
Quick Fix Summary
1. Open Windows Security → Virus & threat protection.
2. Click “See threat details” on the Dermacate entry.
3. Choose “Actions” → “Allow” → “Yes.”
4. Restart the app. Done in under 2 minutes.
What's happening here?
Windows Security is misidentifying a legitimate file as malware due to a signature issue or label change.
Windows Security is flagging a legitimate file—often a kernel driver or signed utility—because its signature was recently revoked or misclassified. The new name “Dermacate” simply reflects an internal label change; it is not a new threat family. If the file belongs to a driver pack you installed last week, quarantining it will break functionality until you restore it.
How do I fix this Dermacate alert?
Open Windows Security, locate the Dermacate entry under Current threats, click "See threat details," then select "Allow" to restore the file.
- Press Win + S, type Windows Security, and press Enter.
- Click Virus & threat protection in the left rail.
- Under Current threats, find the Dermacate entry, then click See threat details.
- In the Threat name field, note the publisher and file path (e.g.,
C:\Program Files\Acme\acmedrv.sys). - Click Actions → Allow → Yes when prompted for admin consent.
- Restart the affected application or reboot if prompted.
I followed the steps but the alert keeps coming back. Now what?
Try restoring the file from quarantine history, excluding the folder from scans, or re-signing the file if it's unsigned.
- Option A – Restore via quarantine history
Windows Security → Protection history → Quarantined items → locate Dermacate → Restore → confirm restart. - Option B – Exclude the folder
Settings → Virus & threat protection → Manage settings → Add or remove exclusions → Add folder → browse to the app’s install path → Save. - Option C – Re-signature route
If the file is unsigned, contact the vendor for a new signed installer or usesigntool.exewith a code-signing cert to re-sign before adding the folder to exclusions.
How can I prevent this from happening again?
Verify file hashes before installing drivers, enable Tamper Protection, and keep Windows Update active.
- Before installing any driver pack, check the vendor’s site for SHA-256 hashes and compare them with the file properties.
- Enable Tamper Protection in Windows Security to prevent future auto-quarantines of signed system files.
- Keep Windows Update active so signature revocation lists refresh automatically every Patch Tuesday.
Is Dermacate a new type of malware?
No, Dermacate is just a renamed detection label for an existing issue, not a new threat.
Dermacate isn’t a new malware family—it’s simply Microsoft’s updated name for a detection that used to appear as “Trojan:Win32/Demarcate.” The underlying problem (signature mismatches or revocations) hasn’t changed at all.
Which files usually trigger this alert?
Most often, kernel drivers, signed utilities, or system tools with recently revoked certificates.
These alerts typically pop up for files like acmedrv.sys, nvlddmkm.sys, or other signed system components. If you installed a driver pack last week, that’s a prime suspect.
Can I just disable Windows Security entirely to avoid this?
No, that’s a terrible idea—you’d leave your system wide open to real threats.
Honestly, this is one of those cases where a quick fix exists without compromising security. Disabling Windows Security would expose you to far worse problems than a false positive. (Trust me, I’ve seen what happens.)
What if the file is unsigned? How do I handle that?
You’ll need to re-sign it with a valid code-signing certificate or get an updated installer from the vendor.
If the file lacks a signature, your options are limited. Contact the software vendor for an updated installer, or if you’re comfortable with command-line tools, use signtool.exe to re-sign it yourself. Just make sure you’re using a legitimate certificate.
Does this affect all Windows 11 versions or just v24H2?
This issue primarily affects Windows 11 Pro v24H2 (build 22652.4100) as of 2026, but similar false positives can appear in other versions.
Microsoft rolled out the Dermacate label change in mid-2025, but the detection mechanism has been around for years. If you’re on an older build, you might still see the old “Demarcate” label instead.
I’m not tech-savvy. Can I still fix this without messing things up?
Absolutely—just follow the quick-fix steps in the summary box above.
You don’t need advanced skills for this. The process is straightforward: open Windows Security, find the alert, click “Allow,” and restart the app. No command lines, no registry edits—just four simple steps. (If you can open an app and click buttons, you can handle this.)
Will Microsoft fix this permanently?
They’ve already addressed the label change, but false positives may still occur with new driver releases.
Microsoft corrected the Dermacate naming issue in late 2025, but signature-related false positives will likely keep happening as vendors update their drivers. The best defense? Staying on top of Windows updates and checking file hashes before installing anything new.
What’s the worst that could happen if I ignore the Dermacate alert?
Your system might crash or the affected app could stop working until you restore the file.
If you leave the file quarantined, any app relying on that driver or utility will break. In most cases, you’ll get an immediate error when trying to launch the program. Worst-case scenario? A blue screen if it’s a critical system driver.
Are there any tools to automate this fix?
Not officially—Microsoft hasn’t released a dedicated tool, but PowerShell scripts can help restore quarantined items.
While there’s no one-click solution from Microsoft, you can use PowerShell commands to restore quarantined files. Just be careful—running scripts blindly can cause problems if you’re not sure what you’re doing.
Can antivirus software from other vendors cause similar issues?
Yes, third-party antivirus tools can also trigger false positives, though the Dermacate label is specific to Windows Security.
Any security suite might misidentify a legitimate file, especially after updates. If you’re using a third-party AV, check its quarantine logs too. The fix is usually similar: restore the file or add an exclusion.
