Yesterday, January 13th an unintentional impact was triggered by a pattern update (1.381.2140.0) to users that had the ASR rule “Block Win32 API calls from Office macro” set to block mode.
The impact was hard to miss, shortcuts pinned to taskbar & in the start menu went missing.
The best thing to do was change the ASR policy to audit mode as soon as possible to limit the impact.
the manual way to fix apps:
- Windows 10:
- Select Start > Settings > Apps > Apps & features
- Select the app you want to fix.
- Select Modify link under the name of the app if it is available.
- A new page will launch and allow you to select repair.
- Windows 11:
- Type “Installed Apps” in the search bar.
- Click “Installed Apps”.
- Select the app you want to fix.
- Click on “…”
- Select Modify or Advanced Options if it is available.
- A new page will launch and allow you to select repair
Microsoft posted a remediation script on Tech Community here:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011?WT.mc_id=WDIT-MVP-5000497
Get Your Microsoft Trainings here: