New attacks that hide behind SLK or symbolic link files to launch malicious content from Excel are handily caught by Windows Defender ATP as malicious behavior. Yes, we flag bad behaviors, .slk or otherwise.
To block attacks that use SLK with DDE, disable DDE and turn on Attack surface reduction in Windows Defender Exploit Guard.
Updated Feb 18, 2018
Version 3.0
Louie Mayor
Microsoft
Microsoft