There are only two days left on Friday the 13th in 2023, and the first has already seen Microsoft struggle to fix an issue affecting users’ Start menus and taskbars after a botched update to its Defender antivirus.
In the aftermath of the incident, Microsoft turned to the Internet for confirmation (Opens in a new tab) That many users have experienced a “series of false positives” for the “block Win32 API calls from Office macro” rule, resulting in many program shortcuts (.lnk files) disappearing.
One of the fixes initially proposed by the company was to switch the “Block Win32 API calls from Office macros” rule to audit mode, however Microsoft has now released a more comprehensive fix that, after publication, will allow users to turn the ASR rule back into blocking mode.
Microsoft Defender problem
The company has asked users to upgrade to Security Information version 1.381.2164.0 or later. Text extract from the help page:
“Microsoft has confirmed steps customers can take to re-establish Start menu links for a significant subset of affected apps that have been deleted.”
The steps are provided as a PowerShell script on file GitHub page (Opens in a new tab) – Developed platform owned by Microsoft. There is also a set of instructions for deploying the script using Intune, which many users have been talking about when it comes to discussing the fatal error on platforms like reddit (Opens in a new tab) and microsoft Technical community page (Opens in a new tab).
A user asked Microsoft “Why isn’t Defender logging lnk file deletions”.
With the issue continuing to be an ongoing source of turmoil among Microsoft users, it’s unclear if the fix will be enough for the tech giant to restore some lost trust. Overall, user experiences remain a mixed bag, with some claiming that restores are successful, and others reporting errors.