An replace pushed to Microsoft’s Defender for Endpoints anti-malware utility has deleted software and utility shortcuts for Home windows customers worldwide, forward of the weekend.
A Defender signature replace, model 1.381.2140.0, contained an Assault Floor Discount (ASR) rules named “Block Win32 API calls from Workplace macro”,
Microsoft has confirmed that it’s a defective rule that deleted the Begin menu and Taskbar shortcuts, and mentioned the problem has now been resolved, referring customers to merchandise MO4977128 within the admin heart portal.
Customers have published workarounds to treatment the problem, however making use of them seems to be onerous for directors.
I am surprised with shock on account of this. Think about being the only individual liable for patching over 8000 property. Now think about half of these property are actually bricks to their customers, now think about being me.
Thanks very a lot for the worst day I’ve had in patching historical past ever.
— Deon Seymour (@ghoststomper) January 13, 2023
It’s attainable to make use of Microsoft’s InTune utility to revive shortcuts, icons and apps, however admins are complaining that the method is simply too sluggish and that they should spend days to manually restore every affected laptop.
Numerous customers and directors have reported that icons and software shortcuts have been deleted from the Begin menu and Taskbar, though the precise quantity is just not identified.
ASRs have been launched with the Microsoft Defender Antivirus in Home windows 10, model 1709, with the total algorithm solely obtainable to clients with an Enterprise license.
