Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.
The problems were first noted earlier today, Friday 13th, by multiple IT people and many seem to be scratching their head as to the cause. Some said they are experiencing it on both Windows 10 and Windows 11.
"I noticed it at about 8.45am (UTC)," one techie at an independent software shop told us. "The ASR rule is removing icons on the taskbar and Start Menu and in some cases uninstalling Microsoft Office as well."
ASR is designed to make a PC safer by blocking macros etc, but the clean-up is surely more dramatic than expected. "It just happened, we don't know what caused it.
"We suspected it was a KB – a patch from Tuesday – that went wrong but I’ve spoken to plenty of others this morning and we think it is definitely related to the ASR rules."
A thread on Reddit indicates this isn't an isolated incident with other sysadmins jumping in. The user that started the conversation said:
"We recently onboarded our estate to Defender for Endpoint and we’ve had a number of reports this morning that their program shortcuts (Chrome, Firefox, Outlook) have all vanished following a reboot of their machine, which has also occurred for me too. It seems to be blocking from the rule: 'Block Win32 API calls from Office macro'."
Another said they were seeing "exactly the same issue" and had to "push a policy update to set this rule into Audit mode instead of Block – as it's trashing almost all 3rd party apps and even first party ones as you’ve said – Slack, Chrome, Outlook."
"Same. Huge numbers of machines nuked in the last hour. Happy Friday," said another. All Microsoft apps including Excel and Word had also gone AWOL, said yet one more sysadmin.
Microsoft has so far remained publicly silent on the problem, though it has published MO497128 under the Microsoft 365 Suite category and not the Defender category, warning:
One techie has claimed the problem is related to the newest Defender signature (1.381.2140.0). They said it then appears “all shortcuts located ProgramData\Microsoft\Windows\Start Menu\Programs will be deleted instantly.”
Deleting ASR rules worked for one IT pro, and another said it changed the rule to Audit “and it appears to work. The trouble is that the InTune policy isn’t applying particularly quickly and we also need to repair Office on some machines as the outlook.exe is literally missing (not just the shortcut).”
In agreement, a poster said: “Set defender ASR rule 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b to audit only. Confirmed working but will lessen your defences. Big risk if applied org wide, run it by management.”
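The workaround the sysadmins describe, as an added PowerShell example (not from the article, the posters or Microsoft): it reports the Defender signature version and the current state of the quoted rule, switches that rule from Block to Audit, and counts the shortcuts left under the Start Menu path mentioned above. The function name `Get-AsrRuleState` is hypothetical; the cmdlets come from the built-in Defender module and need an elevated session.

```powershell
# Added example: inspect one ASR rule and move it from Block to Audit.
$RuleId      = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'   # rule GUID quoted in the article
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Id)
    $pref    = Get-MpPreference
    # The two arrays are parallel: Ids[i] is configured with Actions[i].
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            $code = [int]$actions[$i]
            $name = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] }
                    else { "Unknown($code)" }
            return [pscustomobject]@{ Id = $Id; Code = $code; State = $name }
        }
    }
    # Rule GUID not present in the local preference set.
    return [pscustomobject]@{ Id = $Id; Code = $null; State = 'NotConfigured' }
}

$sigVersion = (Get-MpComputerStatus).AntivirusSignatureVersion
$before     = Get-AsrRuleState -Id $RuleId
Write-Output "Signature version : $sigVersion"
Write-Output "Rule state before : $($before.State)"

if ($before.State -eq 'Block') {
    # Add-MpPreference updates this one rule and leaves other ASR rules untouched.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions AuditMode
    Write-Output "Rule state after  : $((Get-AsrRuleState -Id $RuleId).State)"
}

# Count the shortcuts still present, to gauge what needs restoring.
$startMenu = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'
$remaining = @(Get-ChildItem -Path $startMenu -Recurse -Filter '*.lnk' `
                             -ErrorAction SilentlyContinue)
Write-Output "Shortcuts remaining under Start Menu\Programs: $($remaining.Count)"
```

On machines where the rule is delivered by Intune or Group Policy, the managed policy takes precedence over a local change, so the rule has to be set to Audit in that policy as well.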
Frustration then turned to anger. “How in the hell did this update make it past Microsoft testing/QA?? They test before they push updates, right? Guys? Right?”.
And: “Yep Microsoft have fucked it. False Attack Surface alerts for most of Start Menu shortcuts.”
One more added: “Defender really is the Gift that keeps on giving!”
We have asked Microsoft to comment and will update when Redmond makes it to the keyboard. ®