New Windows Defender update breaks itself

Windows Defender's Attack Surface Reduction (ASR) rule seems to have turned on itself after the security intelligence update build 1.381.2140.0.


Ezgi Koc
January 17, 2023
  • Microsoft Defender’s security intelligence update build 1.381.2140.0 has caused problems with its “Block Win32 API calls from Office macro” Attack Surface Reduction (ASR) rule.
  • Attack Surface Reduction (ASR) rules are there to protect your devices from attacks that use macros, scripts, and common injection techniques.
  • The issue has been resolved, but users could not get their deleted shortcuts back without trying other methods, one of which is running a script recommended by Microsoft that restores some of the shortcuts.

Windows Defender is a Microsoft anti-malware tool that comes preinstalled in Windows 8.1, Windows 10, and Windows 11. Last Friday, with the most recent update, Windows Defender started to remove shortcuts from the Windows Taskbar and Start Menu, and occasionally even the linked program files were removed from the disk. The cause turned out to be an ASR (Attack Surface Reduction) rule gone wrong. ASR rules are in place to protect your devices from attacks that use macros, scripts, and common injection techniques.

ASR rule gone wrong

The cause of Microsoft Defender going rogue appears to be an ASR rule that was altered by a recent Defender update. The rule responsible for this incident is “Block Win32 API calls from Office macro”: with the latest signature update, it prompted the system antimalware to delete the shortcuts and even uninstall the Office productivity suite entirely. The shortcut- and file-killing update also affected many other programs, including Mozilla Firefox, Google Chrome, Slack, and others. Microsoft said:

« After installing security intelligence update build 1.381.2140.0 for Microsoft Defender, application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted. Additionally, errors might be observed when trying to run executable (.exe) files which have dependencies on shortcut files. Affected devices have the Attack Surface Reduction (ASR) rule “Block Win32 API calls from Office macro” enabled. »

As a workaround, Microsoft recommends changing ASR rules to Audit Mode. This can be done through the following options:

  • Using Intune: Enable attack surface reduction rules | Defender for Endpoint: Microsoft Endpoint Manager
  • Using Group Policy: Enable attack surface reduction rules | Defender for Endpoint: Group Policy
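
For a single machine, the same workaround can be checked and applied locally with the Defender PowerShell cmdlets. The script below is an added example, not part of the original article and not Microsoft's recovery script; it reports the installed signature build and the state of the rule, and switches the rule to Audit mode only when `-Apply` is passed. It assumes that every build from 1.381.2140.0 up to, but not including, 1.381.2164.0 is affected, and the function names are illustrative.

```powershell
# Added example; not Microsoft's recovery script. Run from an elevated prompt.
$RuleId  = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'  # "Block Win32 API calls from Office macros"
$BadFrom = [version]'1.381.2140.0'  # build the article names as triggering the issue
$FixedIn = [version]'1.381.2164.0'  # build the article names as resolving it
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleAction {
    # Returns the configured action code for one ASR rule, or $null if unset.
    param([Parameter(Mandatory)][string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return [int]$actions[$i] }
    }
    return $null
}

function Set-AsrRuleAuditIfAffected {
    # Reports state; changes the rule only when -Apply is given.
    param([switch]$Apply)
    $sig    = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    $action = Get-AsrRuleAction -Id $RuleId
    # Assumption: every build from $BadFrom up to (not including) $FixedIn is affected.
    $affectedBuild = ($sig -ge $BadFrom) -and ($sig -lt $FixedIn)
    $name = if ($null -eq $action) { 'NotConfigured' } else { $ActionNames[$action] }

    [pscustomobject]@{
        SignatureVersion = $sig
        AffectedBuild    = $affectedBuild
        RuleAction       = $name
    }

    if ($affectedBuild -and $action -eq 1) {
        if ($Apply) {
            # Add-MpPreference updates this one rule; Set-MpPreference would
            # overwrite the whole locally configured rule list.
            Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                             -AttackSurfaceReductionRules_Actions AuditMode
            Write-Host "Rule $RuleId switched to Audit mode."
        } else {
            Write-Host 'Affected build with rule in Block mode; re-run with -Apply.'
        }
    }
}

Set-AsrRuleAuditIfAffected
```

On devices managed through Intune or Group Policy, the management platform overwrites conflicting local settings, so make the change there as the article describes.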

The issue was resolved in security intelligence update build 1.381.2164.0. Although the issue was resolved, users could not automatically get their shortcuts back. As a remedy, Microsoft suggested following its guidance on recovering from Attack Surface Reduction rule shortcut deletions, which restored shortcuts for some of the most popular software the ASR rule deleted.
