Forum Discussion
Kiril
Jan 13, 2023, Iron Contributor
Block Win32 API calls from Office macros blocks all app shortcuts from working
Block Win32 API calls from Office macros currently blocks all app shortcuts from working. We also cannot add shortcuts to the task bar. Anybody else experiencing something similar?
BogdanM84
Jan 13, 2023, Copper Contributor
How did you disable it? Kiril
From here?
And did you set it to off or Not configured?
Thank you
PS: Shortcuts wiped from most of our devices... Citrix, Chrome, Office apps, etc.
Kiril
Jan 13, 2023, Iron Contributor
Yes, I disabled it there, and set it from "Block" to "Audit" so I can still see the events.
Now at least everything is audited:
- anirban80in, Jan 13, 2023, Copper Contributor
Kiril We are also getting the same in our office. Half of our MS application shortcuts have gone. I even lost the entire Office suite. Heaven knows when this will be fixed. Any info or update will be appreciated.
- BogdanM84, Jan 13, 2023, Copper Contributor
Go to: https://endpoint.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu/~/asr
Then create a new Policy if you haven't done that already.
Set the Block Win32 API calls from Office macros to Warn or Audit
In Audit you will see what Defender might have done (block or allow) in case it was set to Block.
In Warn mode, the users will be able to bypass that "block" and allow it to run.
Push it out to everybody and ask them to go into Company Portal, Settings and do a Sync to receive the new policy and pray 🙂
For me it stopped with the stupid deletion.
It will remove anything related to Adobe, Chrome, Citrix, ASG Remote, Putty, and many many more.
My desktop is half empty now and I'm wondering if there's any way to bring them back...
PS: also some of your taskbar icons will turn white, and as soon as you want to click on them it will ask you to remove the shortcut.
- Kiril, Jan 13, 2023, Iron Contributor
And you can check the reports here: https://security.microsoft.com/asr?viewid=detections
- RCalderon4321, Jan 13, 2023, Copper Contributor
Running into the same issue. Can someone from Microsoft look into this please?
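
Added example, not part of any post in this thread: a local PowerShell check that an endpoint actually received the Audit or Warn setting described above after the policy sync, and a listing of what the rule flagged on that machine. The rule GUID, action codes, event IDs and event field names are assumptions taken from Microsoft's ASR documentation rather than from this page, and the function names are hypothetical.

```powershell
# Added example; not code from the thread. Run elevated on a Windows endpoint with Defender.
# Assumption: GUID of "Block Win32 API calls from Office macros" per Microsoft's ASR rule reference.
$RuleId = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'

# Numeric action values as stored in the Defender preferences.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {   # hypothetical helper name
    param([string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    # The two arrays are parallel: the action at index i belongs to the rule ID at index i.
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown ($code)"
        }
    }
    return 'Not configured'
}

function Get-AsrRuleEvents {   # hypothetical helper name
    param([string]$Id, [int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122          # 1121 = rule fired in block mode, 1122 = in audit mode
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the named EventData fields so events can be filtered on the rule GUID.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ID'] -ieq $Id) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Process = $data['Process Name']   # process that triggered the rule
                Target  = $data['Path']           # file or shortcut the rule acted on
            }
        }
    }
}

"Rule state on this device: $(Get-AsrRuleState -Id $RuleId)"
Get-AsrRuleEvents -Id $RuleId -Days 7 | Sort-Object Time | Format-Table -AutoSize
```

A state of `Block` after the sync means the new policy has not reached the device yet; `1121` events dated after the switch to Audit point the same way.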