Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Major Microsoft Defender ASR issue confirmed: shortcuts broken, application start up
#1
Exclamation 
Quote:Microsoft is investigating a major issue affecting users of its Windows operating system currently. According to the company's short message on Twitter, it is investigating an "issue where users are unable to access application shortcuts on the Start menu and Taskbar in Windows".

[Image: windows-issue-shortcuts.png]

Microsoft published a follow-up to the initial confirmation of its investigation. It states that Microsoft has identified the issue and "reverted the rule to prevent further impact" while the investigation continues.

Users with Admin Center access are asked to follow SI MO497128.

There, Microsoft provided more feedback on the issue.

"User impact: Users are unable to utilize the Application shortcuts on the Start menu and taskbar.

More info: The shortcut icons may not appear or would not work. We've receive reports that the ASR rule 'Block Win32 API calls from Office macro' is deleting the application shortcuts"

Günter Born notified me about the issue and collected information from various sources on his English blog. First user reports that he received indicated that an Office 365 update could have been the culprit, but further research suggests that the issue is not limited to Office 365.

Affected users and system administrators report that program icons disappear suddenly from the start menu and the desktop.

Martin Schmidli confirmed on Twitter that his organization was seeing the issue:
 
Quote:"We currently experience a weird issue. ASR is triggering the deletion of Shortcuts in the taskbar. OfficeClickToRun is blocked. Does somebody have this issue as well? Currently 2 Tenants. #Intune #MDE #Microsoft"

One administrator on Reddit suggested that the cause of the issue was an ASR, Attack Surface Restriction, rule. A potential workaround for the issue is to set the ASR Rule to audit in Intune.
 
Quote:Block Win32 API calls from Office macros
Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b

The workaround was confirmed by several users on various sites and messaging services already.

The issue should die down in the coming hours thanks to the reverting of the rule by Microsoft. It is unclear if shortcuts will be restored somehow once a permanent fix for the issue is published by Microsoft.  Several

The reports suggest that the issue is affecting business and Enterprise environments only or predominantly.

Now You: were you are machines in your organization affected by the issue?
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Reply
#2
Microsoft Script to restore (some) deleted Windows shortcuts after Defender ASR incident
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>