Microsoft releases fix for botched Windows Defender update, but it’s still facing problems


There are only two Friday the 13ths in 2023, and the first has already seen Microsoft scramble to fix an issue that hit users’ Start menus and taskbars after a failed update to its Defender antivirus.

After the incident, Microsoft confirmed online that many users had experienced “a series of false positives” for the “Block Win32 API calls from Office macro” Attack Surface Reduction (ASR) rule, causing many program shortcuts (.lnk files) to disappear.

One of the company’s initial proposed solutions was to switch the “Block Win32 API calls from Office macro” rule to audit mode. However, Microsoft has now released a more comprehensive fix that allows users to switch the ASR rule back to block mode once the fix is in place.

Microsoft Defender issue

The company has told users to upgrade to security intelligence build 1.381.2164.0 or later. An excerpt from the help page reads:

“Microsoft has confirmed steps customers can take to recreate start menu links for a significant portion of affected applications that have been removed.”
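The audit-then-block sequence described above can be gated on the installed security intelligence build. The following is an added example, not Microsoft's recovery script from the help page; the `-Apply` switch and the helper name `Get-DesiredAsrAction` are hypothetical, and the rule GUID is the documented ID of the "Block Win32 API calls from Office macros" rule.

```powershell
# Added example, not Microsoft's script. Run in an elevated PowerShell session.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

# Documented GUID of the "Block Win32 API calls from Office macros" ASR rule
$RuleId     = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
$FixedBuild = [version]'1.381.2164.0'   # fixed build named in the article
# Numeric states returned by Get-MpPreference, mapped to Add-MpPreference names
$ActionName = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-DesiredAsrAction {
    param([version]$Installed, [version]$Fixed)
    # Block only once the fixed security intelligence is installed.
    if ($Installed -ge $Fixed) { 'Enabled' } else { 'AuditMode' }
}

$installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
$pref      = Get-MpPreference
$ids       = @($pref.AttackSurfaceReductionRules_Ids)
$actions   = @($pref.AttackSurfaceReductionRules_Actions)

# Find the rule's current state; -eq on strings ignores case.
$current = $null
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $RuleId) { $current = $ActionName[[int]$actions[$i]] }
}

$desired = Get-DesiredAsrAction -Installed $installed -Fixed $FixedBuild
"Security intelligence: $installed (fixed build: $FixedBuild)"
"Rule state: $current -> desired: $desired"

if ($current -notin 'Enabled', 'AuditMode') {
    # Do not switch the rule on where the administrator never configured it.
    'Rule is not in block or audit mode on this machine; leaving it untouched.'
} elseif ($current -eq $desired) {
    'No change needed.'
} elseif ($Apply) {
    # Add-MpPreference changes this one rule and keeps the other ASR rules as they are.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $desired
    "Rule set to $desired."
} else {
    "Re-run with -Apply to set the rule to $desired."
}
```

Where the rule is delivered by Intune or Group Policy, change the mode in that policy instead, since managed settings take precedence over local preferences.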

The steps are provided as a PowerShell script on a GitHub page, a developer platform owned by Microsoft. There is also a set of instructions on how to deploy the script using Intune, which many users brought up when discussing the gaffe on platforms such as Reddit and Microsoft’s Tech Community page.

A user asked Microsoft “why Defender didn’t log the deletions of the lnk file”.

As the problem remains an ongoing source of disruption among Microsoft users, it’s unclear whether the fix has been enough for the tech giant to restore some of its lost confidence. In general, user experiences remain a mixed bag, with some claiming successful fixes and others reporting errors.
