MS Defender Update Removes Start Menu Shortcuts, Files and for some, Office
MS at it again
Tuesday, January 17, 2023 by DrJBHL | Discussion: Personal Computing
Well, MS did it again...an update which sabotages your computer.
"Last Friday was a rather unlucky day for Windows users and system administrators worldwide. According to multiple reports, Microsoft Defender for Endpoint turned into a shortcut and file "killer" that fateful day, after the security suite began to delete application shortcuts from the Windows Taskbar and Start Menu, sometimes even removing the linked program files from disk.
The issue was experienced by multiple system admins on Windows 10 and Windows 11, and its likely cause was soon pinned down to an ASR rule modified by a recent update for Defender. Attack surface reduction (ASR) rules target certain software behaviors like launching executables and scripts, running obfuscated scripts or "performing behaviors that apps don't usually initiate during normal day-to-day work," Microsoft explains." - Alfonso Maruccia, Techspot
MS explained the error here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide
"A further update posted on Microsoft Community Hub offered a partial solution to this last issue, with a PowerShell script designed to recreate the deleted shortcuts for 33 of the most popular programs affected by the bug (see list below). Needless to say, the script didn't bring joy to those sysadmins that were forced to reinstall deleted programs or recreate the shortcuts that were deployed per-user in a multi-user organization.
Adobe Acrobat Adobe Photoshop 2023 Adobe Illustrator 2023 Adobe Creative Cloud Firefox Private Browsing Firefox Google Chrome Microsoft Edge Notepad++ Parallels Client Remote Desktop TeamViewer Royal TS6 Elgato StreamDeck Visual Studio 2022 Visual Studio Code Camtasia Studio Camtasia Recorder Jabra Direct 7-Zip File Manager Access Excel OneDrive OneNote Outlook PowerPoint Project Publisher Visio Word PowerShell 7 (x64) SQL Server Management Studio Azure Data Studio - ibid "
You can check your Defender update history by going to Settings>Windows Update>Update History>Definition Updates.
For those affected, there's this:
I haven't turned off my updates, as my system has updated without disaster...but, if your system hasn't updated yet, I'd advise you delay the update to give MS the opportunity to fix this.
You can read more about the 98 patches in the January update here: https://www.darkreading.com/vulnerabilities-threats/microsoft-new-year-patches-98-security-fixes
Additional information:
Please login to comment and/or vote for this skin.
Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:
- Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
- Access to a great community, with a massive database of many, many areas of interest.
- Access to contests & subscription offers like exclusive emails.
- It's simple, and FREE!
Reply #1 Tuesday, January 17, 2023 1:53 AM
Ah....so MS Defender defends you against MS....