{"id":598751,"date":"2023-01-18T06:49:19","date_gmt":"2023-01-18T12:49:19","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/18\/microsoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\/"},"modified":"2023-01-18T06:49:19","modified_gmt":"2023-01-18T12:49:19","slug":"microsoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/18\/microsoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\/","title":{"rendered":"Microsoft releases fix for botched Windows Defender update, but it&#8217;s still facing problems"},"content":{"rendered":"<article aria-label=\"article\" data-id=\"NcoU6ogw5eigyVSNCoNUQ4\">\n<header>\n<nav aria-label=\"Breadcrumbs\">\n<ol>\n<li>\n<a href=\"https:\/\/www.techradar.com\" aria-label=\"Return to Home\">Home<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/news\" aria-label=\"Return to News\">News<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/computing\" aria-label=\"Return to Computing\">Computing<\/a>\n<\/li>\n<\/ol>\n<\/nav>\n<\/header>\n<section>\n<div itemprop=\"image\" itemscope itemtype=\"https:\/\/schema.org\/ImageObject\">\n<div>\n<picture><source type=\"image\/webp\" alt=\"Microsoft Defender home personal dashboard\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\"><source type=\"image\/jpeg\" alt=\"Microsoft Defender home personal dashboard\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\"><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh-320-80.jpg\" alt=\"Microsoft Defender home personal dashboard\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\"><\/picture>\n<\/div>\n<p><meta itemprop=\"url\" content=\"https:\/\/cdn.mos.cms.futurecdn.net\/DHw9brCkWMvEqmjWeQeLUh.jpg\"><br \/>\n<meta itemprop=\"height\" content=\"600\"><br \/>\n<meta itemprop=\"width\" content=\"338\"><figcaption itemprop=\"caption description\">\n<span itemprop=\"copyrightHolder\">(Image credit: Microsoft)<\/span><br \/>\n<\/figcaption><\/div>\n<div id=\"article-body\">\n<p>There are only two \u2018Friday the 13th\u2019s in 2023, and the first has already seen Microsoft scrambling to <a href=\"https:\/\/www.techradar.com\/news\/microsoft-defender-goes-haywire-deletes-start-menu-icon-taskbar-and-more\">fix an issue that affected users\u2019 Start menus and taskbars<\/a> following a botched update to its Defender <a href=\"https:\/\/www.techradar.com\/best\/best-antivirus\">antivirus<\/a>.<\/p>\n<p>Following the mishap, Microsoft took to the Internet to <a href=\"https:\/\/go.redirectingat.com\/?id=92X363&#038;xcust=trdpro_us_6249210342064329000&#038;xs=1&#038;url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Frecovering-from-attack-surface-reduction-rule-shortcut-deletions%2Fba-p%2F3716011&#038;sref=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmicrosoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\" target=\"_blank\" data-url=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-defender-for-endpoint\/recovering-from-attack-surface-reduction-rule-shortcut-deletions\/ba-p\/3716011\" data-hl-processed=\"skimlinks\" data-placeholder-url=\"https:\/\/go.redirectingat.com\/?id=92X363&#038;xcust=hawk-custom-tracking&#038;xs=1&#038;url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Frecovering-from-attack-surface-reduction-rule-shortcut-deletions%2Fba-p%2F3716011&#038;sref=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmicrosoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\" rel=\"sponsored noopener\" referrerpolicy=\"no-referrer-when-downgrade\" data-google-interstitial=\"false\" data-merchant-name=\"SkimLinks - microsoft.com\" data-merchant-id=\"undefined\" data-merchant-url=\"undefined\" data-merchant-network=\"undefined\">confirm<\/a><span> (opens in new tab)<\/span> that many users had experienced \u201ca series of false positive detections\u201d for the \u201cBlock Win32 API calls from Office macro\u201d Attack Surface Reduction (ASR) rule, leading to many program shortcuts (.lnk files) vanishing.<\/p>\n<p>Among the initially suggested fixes from the company was to turn the \u201cBlock Win32 API calls from Office macro\u201d rule into audit mode, however Microsoft has now issued a more comprehensive fix that, after deploying, will allow users to turn the ASR rule back into block mode.<\/p>\n<h2 id=\"microsoft-defender-problem\">Microsoft Defender problem<\/h2>\n<p>The company has told users to upgrade to security intelligence build 1.381.2164.0 or later. An extract from the help page reads:<\/p>\n<p>\u201cMicrosoft has confirmed steps that customers can take to recreate start menu links for a significant sub-set of the affected applications that were deleted.\u201d<\/p>\n<p>The steps have been provided as a PowerShell script on a <a href=\"https:\/\/github.com\/microsoft\/MDE-PowerBI-Templates\/blob\/master\/ASR_scripts\/AddShortcuts.ps1\" target=\"_blank\" data-url=\"https:\/\/github.com\/microsoft\/MDE-PowerBI-Templates\/blob\/master\/ASR_scripts\/AddShortcuts.ps1\" rel=\"noopener\"><u>GitHub page<\/u><\/a><span> (opens in new tab)<\/span> &#8211; a developer platform that Microsoft owns. There\u2019s also a set of instructions for deploying the script using Intune, which many users were vocal about when it came to discussing the blunder on platforms like <a href=\"https:\/\/www.reddit.com\/r\/sysadmin\/comments\/10ar8y3\/windows_defender_asrfalsely_blocking_and_removing\/\" target=\"_blank\" data-url=\"https:\/\/www.reddit.com\/r\/sysadmin\/comments\/10ar8y3\/windows_defender_asrfalsely_blocking_and_removing\/\" rel=\"noopener\"><u>Reddit<\/u><\/a><span> (opens in new tab)<\/span> and Microsoft\u2019s own <a href=\"https:\/\/go.redirectingat.com\/?id=92X363&#038;xcust=trdpro_us_6934845747903105000&#038;xs=1&#038;url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fantivirus-deletes-all-shortcuts-from-the-desktop%2Fm-p%2F3715351&#038;sref=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmicrosoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\" target=\"_blank\" data-url=\"https:\/\/go.redirectingat.com\/?id=92X363&#038;xcust=trdpro_gb_1153145531297556500&#038;xs=1&#038;url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fantivirus-deletes-all-shortcuts-from-the-desktop%2Fm-p%2F3715351&#038;sref=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmicrosoft-defender-goes-haywire-deletes-start-menu-icon-taskbar-and-more\" data-hl-processed=\"skimlinks\" data-placeholder-url=\"https:\/\/go.redirectingat.com\/?id=92X363&#038;xcust=hawk-custom-tracking&#038;xs=1&#038;url=https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fantivirus-deletes-all-shortcuts-from-the-desktop%2Fm-p%2F3715351&#038;sref=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmicrosoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\" rel=\"sponsored noopener\" referrerpolicy=\"no-referrer-when-downgrade\" data-google-interstitial=\"false\" data-merchant-name=\"SkimLinks - microsoft.com\" data-merchant-id=\"undefined\" data-merchant-url=\"undefined\" data-merchant-network=\"undefined\"><u>Tech Community page<\/u><\/a><span> (opens in new tab)<\/span>.<\/p>\n<p>One user asked Microsoft \u201cwhy Defender did not record the lnk file deletions\u201d.<\/p>\n<p>As the problem continues to be an ongoing source of disruption among Microsoft users, it\u2019s unclear whether the fix has been enough for the tech giant to restore some of its lost faith. Overall, user experiences remain a mixed bag, with some claiming successful restores, and others reporting errors.<\/p>\n<ul>\n<li>We\u2019ve rounded up the <a href=\"https:\/\/www.techradar.com\/best\/best-malware-removal\"><u>best malware removal tools<\/u><\/a><\/li>\n<\/ul>\n<\/div>\n<div data-hydrate=\"true\" data-reactroot id=\"slice-container-newsletterForm-articleInbodyContent\">\n<section>\n<p>Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n<\/section>\n<\/div>\n<div data-reactroot id=\"slice-container-authorBio\">\n<p>With several years\u2019 experience freelancing in tech and automotive circles, Craig\u2019s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the electrification of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!<\/p>\n<\/div>\n<\/section>\n<p><a href=\"https:\/\/www.techradar.com\/news\/microsoft-releases-fix-for-botched-windows-defender-update-but-its-still-facing-problems\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Blythe Redner<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home News Computing (Image credit: Microsoft) There are only two \u2018Friday the 13th\u2019s in 2023, and the first has already seen Microsoft scrambling to fix an issue that affected users\u2019 Start menus and taskbars following a botched update to its Defender antivirus.Following the mishap, Microsoft took to the Internet to confirm (opens in new tab)<\/p>\n","protected":false},"author":1,"featured_media":598752,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[78,1492,46],"tags":[],"class_list":{"0":"post-598751","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-microsoft","8":"category-releases","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/598751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=598751"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/598751\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/598752"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=598751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=598751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=598751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}