Update: Microsoft has now issued a fix but says it can't restore the shortcuts deleted by Defender for you.
Although Microsoft Defender is generally a good anti-malware solution, it can often go haywire on harmless items, which leads to its very poor false-positive scores in third-party assessment programs.
Earlier today, something similar happened when IT and system admins began reporting that, after updating Defender definitions, they could no longer access app shortcuts in the Taskbar and Start menu. The issue was seemingly caused by security intelligence update version 1.381.2140.0, after which Defender would delete all shortcut (.lnk) files located inside ProgramData\Microsoft\Windows\Start Menu\Programs.
Users say the issue is happening on Windows 10, though it is possible that Windows 11 may have been affected too. System admins were working around the issue by setting Attack Surface Reduction (ASR) rule "92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b" to Audit only (via Reddit).
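One way an admin could check a machine for the conditions described above and apply the Audit workaround, as an added PowerShell example (not from Microsoft or from the reports cited here). The rule GUID, definition version and folder are the ones quoted above; the variable names, the report layout and the assumption that the folder sits under %ProgramData% are illustrative.

```powershell
# Added example: run from an elevated PowerShell session on the affected machine.
# Values taken from the article:
$RuleId     = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
$BadVersion = [version]'1.381.2140.0'
# Assumption: the article's "ProgramData" is the %ProgramData% folder.
$StartMenu  = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'

# Numeric ASR action values as reported by Get-MpPreference.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleAction {
    param([string]$Id)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    # The two arrays are parallel: the action at index i belongs to the rule at index i.
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return [int]$acts[$i] }
    }
    return $null   # rule is not configured on this machine
}

$sigVersion = [version](Get-MpComputerStatus).AntivirusSignatureVersion
$action     = Get-AsrRuleAction -Id $RuleId
$actionName = if ($null -eq $action) { 'NotConfigured' } else { $ActionNames[$action] }
$lnkCount   = @(Get-ChildItem -Path $StartMenu -Filter *.lnk -Recurse `
                  -ErrorAction SilentlyContinue).Count

# Summary: is the reported definition version installed, how is the rule set,
# and how many shortcuts are still present in the Start menu folder?
[pscustomobject]@{
    SignatureVersion  = $sigVersion
    IsReportedVersion = ($sigVersion -eq $BadVersion)
    AsrRuleAction     = $actionName
    StartMenuLnkFiles = $lnkCount
}

# Apply the workaround only where the rule is actively blocking.
if ($action -eq 1) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions AuditMode
    Write-Output "Rule $RuleId switched from Block to Audit."
}
```

Where ASR rules are deployed through Group Policy or an MDM tool, make the change in that policy instead, since a local preference can be overridden by the managed setting.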
A few hours ago the official Microsoft 365 Status Twitter handle confirmed the problem and stated that it was looking into the issue:
We're investigating an issue where users are unable to access application shortcuts on the Start menu and Taskbar in Windows. For more details and updates, please follow the SI MO497128 in your admin center.
— Microsoft 365 Status (@MSFT365Status) January 13, 2023
An hour later, Microsoft updated its status saying that it had identified the problem and had reverted the rule back:
We've identified that a specific rule was resulting in impact. We've reverted the rule to prevent further impact whilst we investigate further. For more information, please follow the SI MO497128 in your admin center.
— Microsoft 365 Status (@MSFT365Status) January 13, 2023
However, IT admins are still visibly a bit furious as they would now need to restore the deleted shortcuts.
Thanks for the tip, majortom1981!