Microsoft angers admins due to insufficient fix for restoring app shortcuts deleted by buggy Defender ASR rule

Administrators are frustrated over the buggy Microsoft Defender ASR rule that deleted Windows application shortcuts from the desktop, Start menu, and taskbar. The Redmond company already released a remedy to address the issue, but it seemed ineffective in completely resolving it.

Last Friday, January 13, the software company released a Microsoft Defender signature update that made a change to the Attack Surface Reduction (ASR) rule. Unfortunately, the update contained a bug that caused Microsoft Defender to detect false positives, which later resulted in the deletion of Microsoft and third-party app shortcuts in different managed devices. Apparently, this became a huge problem for administrators who tried to restore the shortcuts as affected users experienced inconvenience in accessing their work-related apps.

To resolve it, Microsoft reverted the change through the new signature update 1.381.2164.0.

“This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods,” Microsoft said.

On Saturday, the tech giant tried to further address the issue through Advanced Hunting Queries (AHQ) and a PowerShell script, which should spot the affected shortcuts and recreate them. However, the relief the AHQ and the script could bring is very limited. Specifically, the latter only works for thirty-three programs, so it won’t cover other apps included on the script’s list. And while the PowerShell script’s $programs array can be modified to add the applications not covered, it means additional inconvenience to affected admins. Worse, some Windows admins with the problem reported that the script didn’t restore Microsoft Office shortcuts and even failed to put them back to the Windows Taskbar Quick Launch toolbar and the Windows desktop. With this, manually recreating the deleted shortcuts could be the only solution for Windows administrators and IT support in some affected apps.

“I suspect that these links have been lost indefinitely and us administrators are going to have to recover the Start Menu, and the users are going to have to repin every Taskbar and Quick Launch shortcut manually,” one user expressed annoyance on Microsoft’s Tech Community forum. “Who on earth released that update without checking the impact! There are thousands of administrators across the globe now having to repair their environments which is causing a major impact on productivity.”