Forum Discussion
micheleariis (Steel Contributor)
Jan 13, 2023
Antivirus deletes all shortcuts from the desktop
After this morning's update of security intelligence to version 1.381.2140.0, defender is deleting on all clients all links to applications; does anyone have the same problem?
- zvmsvs (Occasional Reader)
- legrara320 (Copper Contributor)
- Lexington (Brass Contributor)
After Defender removed Microsoft Edge from the Start Menu, the Edge icons are now blank. While it's possible to manually create shortcuts, it would be better if Microsoft rolled out a proper fix for this Defender issue.
Screenshot showing blank icons
- Sean Hodgkinson (Copper Contributor)
Looks like most of my shortcuts are coming back .. this is what support said they would do
- Sohel68 (Copper Contributor)
Hello,
Does anyone know how to pull data on the "security intelligence" version installed on devices from Microsoft Defender Console or from Intune?
Thanks in advance.
- Brian Bosak (Copper Contributor)
micheleariis Yes our company has the same issue. The workaround we're using for now is to type the file name into the start menu and launch the programs directly:
WinWord.exe
Excel.exe
MSEdge.exe
Outlook.exe
- Someone created a PowerShell script as a remediation on Reddit, check it out:
https://www.reddit.com/r/sysadmin/comments/10ar1vb/comment/j46d16f/?utm_source=share&utm_medium=web2x&context=3
- phillipank (Copper Contributor)
Has MS pulled the latest update? I am not getting now when I Check for updates.
phillipank wrote:
Has MS pulled the latest update? I am not getting now when I Check for updates.
I'm not sure, but the latest version is 1.381.2152.0
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
- micheleariis (Steel Contributor)
Have released the update to version 1.381.2152.0
Update
After updating and restarting, the links are no longer deleted.
The problem remains that if I run the search for a program it does not find it unless I add .exe (e.g., outlook.exe)
- sjansen (Brass Contributor)
It does not fix by itself, link files are deleted. You have to reinstall/repair the application to get these .lnk files recreated. I have around 50% of all clients so far affected. Thank you Microsoft for this s§$&%§ Friday 13 event. It looks like we have to reimage all the systems. Fiddling with individual machines to reinstall all apps requires way too much time and personnel.
- Sean Hodgkinson (Copper Contributor)
sjansen I believe the shortcuts are now cloud based - hence they can delete them. I was told off support the update will reset all shortcuts back to normal for all devices
- Sohel68 (Copper Contributor)
- Brad_Stephenson1580 (Copper Contributor)
Once the ASR Rules is set to Audit Only, how do we restore all lnk shortcuts that the system removed? This is something that needs to be addressed as well. Sohel68
- Shayanlarkbury (Copper Contributor)
Have the same exact issue but we do not even have the Block Win32 API Calls from Office Macro configured within our ASR rules so very frustrated to be in this position.
To force the point. I have created a new rule and set Block Win32 API Calls from Office Macro to Audit mode.
Hoping this calms things down.
- jpatounas (Copper Contributor)
Setting the ASR rule to audit instead of block is a big security risk.
Just don't do it. Wait until a fix is released. I hope MS will push the fix soon.
Great job on Friday the 13th though 🙂
- Sean Hodgkinson (Copper Contributor)
That's the official Microsoft line .. had that from support on an email . Never realised Friday 13th .. nightmare
- phillipank (Copper Contributor)
Shayanlarkbury where are you creating this rule?
- Shayanlarkbury (Copper Contributor)
Endpoint Manager > Endpoint Security > Attack Surface Reduction > Create a Policy here.
As in the trailing comments. Hoping once MS resolves this problem, we can switch this policy back to block....
- geierr (Copper Contributor)
Yes I was bit by this problem this morning. Thank goodness for Macrium Reflect backups. However, it won’t do me any good unless this issue is resolved as the shortcuts will just be deleted again.
- WaldekBarros (Copper Contributor)
Yes! We were also affected.
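
For the question above about reading the installed security intelligence version, and the ASR rule state discussed in the replies, here is a per-device check, added as an example and not posted by anyone in the thread. It runs locally rather than from the Defender console or Intune. The two version numbers come from the thread, treating everything between them as suspect is an assumption, and the rule GUID is the one Microsoft's ASR rule reference lists for "Block Win32 API calls from Office macros".

```powershell
# Added example: report this device's Defender security intelligence version
# and the configured action of the ASR rule named in the thread.
# Uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference.

# Versions quoted in the thread. Flagging the whole range between them is an assumption.
$ReportedBad   = [version]'1.381.2140.0'   # thread: shortcuts deleted after this update
$ReportedFixed = [version]'1.381.2152.0'   # thread: links no longer deleted after this one

# "Block Win32 API calls from Office macros" (GUID from Microsoft's ASR rule reference).
$RuleId      = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-SignatureState {
    param([version]$Installed)
    if ($Installed -lt $ReportedBad)   { return 'OlderThanReportedBad' }
    if ($Installed -lt $ReportedFixed) { return 'InReportedBadRange' }
    return 'AtOrAboveReportedFix'
}

function Get-AsrRuleAction {
    param([string[]]$Ids, [object[]]$Actions, [string]$Id)
    # No ASR rules configured on this device at all.
    if (-not $Ids) { return 'NotConfigured' }
    # Get-MpPreference returns rule ids and actions as two parallel arrays.
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($Ids[$i] -ieq $Id) {
            $a = [int]$Actions[$i]
            if ($ActionNames.ContainsKey($a)) { return $ActionNames[$a] }
            return "Unknown($a)"
        }
    }
    return 'NotConfigured'
}

$status    = Get-MpComputerStatus
$pref      = Get-MpPreference
$installed = [version]$status.AntivirusSignatureVersion

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    SignatureVersion = $installed
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    SignatureState   = Get-SignatureState -Installed $installed
    AsrRuleAction    = Get-AsrRuleAction -Ids $pref.AttackSurfaceReductionRules_Ids `
                           -Actions $pref.AttackSurfaceReductionRules_Actions -Id $RuleId
}
```

The output is a single object per device, so it can be collected by whatever remote-execution or inventory tooling is already in place and filtered on `SignatureState` and `AsrRuleAction`.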