After this morning's update of security intelligence to version 1.381.2140.0, defender is deleting on all clients all links to applications; does anyone have the same problem?
Now there is the advisory on Service health in Microsoft365 Admin portal: Some users are unable to utilize the Application shortcuts on the Start menu and taskbar MO497128, Last updated: January 13, 2023 12:57 PM Estimated start time: January 13, 2023 12:43 PM
We are also affected, started around 10:30am GMT+2. We saw Defender deleting .lnk files and also blocking/deleting Windows Store Apps from Microsoft. We changed the affected ASR rule and try to force all clients to sync, but it may be to late from my reports we got so far.
We've identified that a specific rule was resulting in impact. We've reverted the rule to prevent further impact whilst we investigate further. This quick update is designed to give the latest information on this issue.
The support team have confirmed this is a known issue from today .. and recommend doing this until the fix. They also tell me that they will get the shortcuts put back.. but we'll see
Yes I was bit by this problem this morning. Thank goodness for Macrium Reflect backups. However, it won’t do me any good unless this issue is resolved as the shortcuts will just be deleted again.
Have the same exact issue but we do not even have the Block Win32 API Calls from Office Macro configured within our ASR rules so very frustrated to be in this position.
To force the point. I have created a new rule and set Block Win32 API Calls from Office Macro to Audit mode.
After updating and restarting, the links are no longer deleted. The problem remains that if I run the search for a program it does not find it unless I add .exe (e.g., outlook.exe)
