Forum Discussion

MCT

Jan 13, 2023

Solved

Antivirus deletes all shortcuts from the desktop

After this morning's update of security intelligence to version 1.381.2140.0, defender is deleting on all clients all links to applications; does anyone have the same problem?

yongrheemsft
Jan 14, 2023
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

Shayanlarkbury

Copper Contributor

Jan 13, 2023

Have the same exact issue but we do not even have the Block Win32 API Calls from Office Macro configured within our ASR rules so very frustrated to be in this position.

To force the point. I have created a new rule and set Block Win32 API Calls from Office Macro to Audit mode.

Hoping this calms things down.