Well, that’s not what we need on a Friday. The latest definition update for Microsoft Defender is incorrectly identifying shortcuts as viruses and deleting them, causing no end of panic for users trying to open applications from their taskbar.
See the Microsoft incident page here
According to Microsoft, the ASR rule “Block Win32 API calls from Office macro” is to blame. Changing the rule in Endpoint Manager from ‘Block’ to ‘Audit’ will mitigate the impact until Microsoft provide a fix.
Quite how something like this makes it through quality control at a company like Microsoft is beyond me.
SysAdmin Tales 
Leave a Reply