Defender update deletes Windows Start menu and Taskbar shortcuts

Defender update deletes Windows Start menu and Taskbar shortcuts

Faulty Attack Surface Reduction rule to blame.

By on

An update pushed to Microsoft's Defender for Endpoints anti-malware utility has deleted application and utility shortcuts for Windows users worldwide, ahead of the weekend last week.

A Defender signature update, version 1.381.2140.0, contained an Attack Surface Reduction (ASR) rule named "Block Win32 API calls from Office macro", 

Microsoft has confirmed that it is a faulty rule that deleted the Start menu and Taskbar shortcuts, and said the issue has now been resolved, referring users to item MO4977128 in the admin centre portal.

Users have published workarounds to remedy the issue, but applying them appear to be onerous for administrators.

It is possible to use Microsoft's InTune utility to restore shortcuts, icons and apps, but admins are complaining that the process is too slow and that they will have to spend days to manually repair each affected computer.

A large number of users and administrators have reported that icons and application shortcuts were deleted from the Start menu and Taskbar, although the exact number is not known.

ASRs were introduced with the Microsoft Defender Antivirus in Windows 10, version 1709, with the full set of rules only available to customers with an Enterprise license.

Update: Microsoft has since published recovery instructions, and published a script on Github that recovers some shortcuts deleted by Defender ASRs. However, admins have complained that the automated tools are incomplete.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © . All rights reserved.

Most Read Articles