Microsoft Defender Windows Antivirus could soon protect all your devices

There are only two "Friday the XNUMXth" in XNUMX, and the first already saw Microsoft scramble to fix an issue that affected users' start menus and taskbars after a botched update to its Protect antivirus. .

After the crash, Microsoft took to the internet to confirm (opens in a new tab) that many users experienced "a series of false positive detections" for the office macro "Block Win32 API calls to attack rate reduction." the surface (ASR), which led to many program shortcuts (.lnk files) disappear.

Among the fixes initially suggested by the company was to turn the "Block Win32 API calls from Office macro" rule into audit mode, but Microsoft has now released a more comprehensive fix that, after implementation, will leave users return to put the ASR rule in Block Mode.

Microsoft defender issue

The company has asked users to upgrade to Security Intelligence version 1.381.2164.0 or later. An excerpt from the help page reads:

"Microsoft has confirmed steps customers can take to recreate Start menu links for a significant subset of affected applications that have been removed."

The steps were given as a PowerShell script on a page on GitHub (opens in a new tab), a development platform owned by Microsoft. There's also a set of instructions for embedding the script using Intune, which many users came up with when discussing the bug on platforms like Reddit (opens in a new tab) and Microsoft's own Tech Community page (opens in a new tab).

One user asked Microsoft "why Protect didn't log lnk file deletions."

Given that the issue remains a continuing source of disruption among Microsoft users, it's unclear if the fix was enough for the tech giant to restore some of the lost trust. As a general rule, user experiences remain mixed, with some claiming successful restores and others reporting failures.

Share This