Forum Discussion
MikeP751860
Jan 16, 2023 · Copper Contributor
Microsoft Defender KQL query for deletion lnk files - Following Friday 13th Event
Hi, following the Friday 13th event with the Defender ASR block and removal of shortcut links, has anyone been able to use the Defender Timeline information on assets to report on the shortcut links...
MikeP751860
Jan 16, 2023 · Copper Contributor
Hi Heike,
Thanks for the link. We have already reviewed and are using the script for the core applications, but it doesn't help us with the discovery of the business applications which have been impacted.
Really need a list of every shortcut lnk file which has been deleted from the machines, but cannot find that information in our device timelines, which means I can't search it in advanced hunting.
MikeP751860
Jan 16, 2023 · Copper Contributor
During my investigations I have come across the Microsoft Store application Windows File Recovery - https://apps.microsoft.com/store/detail/windows-file-recovery/9N26S50LN705.
It appears it will only install in user context; if we could get it to install in the system context then maybe it could help customers to restore files.