Microsoft is investigating a new bug that’s currently removing application shortcuts from the Taskbar and Start Menu on Windows PCs. The company has acknowledged that the problem affects enterprise customers using Microsoft Defender for Endpoint to block malware attacks.
In a Reddit thread, several enterprise admins reported that a false positive triggered by a buggy attack surface reduction (ASR) rule deletes shortcuts of Microsoft apps and third-party applications from the Start Menu and Taskbar. The issue is reportedly caused by the latest update (1.381.2140.0) to the Microsoft Defender threat detections.
“We recently onboarded our estate to Defender for Endpoint and we’ve had a number of reports this morning that their program shortcuts (Chrome, Firefox, Outlook have all vanished following a reboot of their machine, which has also occurred for me too. It seems to be blocking from the rule: ‘Block Win32 API calls from Office macro’,” an IT admin explained on Reddit.
According to the reports, the Microsoft Defender update instantly deletes all shortcut (.Ink) files stored in ProgramData\Microsoft\Windows\Start Menu\Programs on Windows 10 and 11 devices. Some IT admins managed to address the problem by changing the ASR rule to “Audit only,” while others had to delete the rules.
Microsoft said on Twitter that it has identified the problem, and reverted the ASR rule to minimize the impact on affected Windows machines. The company has recommended administrators to set the rule to Audit only via PowerShell, Microsoft InTune, or Group Policy.
Microsoft is working on a permanent fix, and in the meantime, it has advised end users to access the apps via the Office app or the Microsoft 365 app launcher. It is important to note that the issue only affects Windows devices in enterprise environments and it doesn’t impact consumers.
Did you encounter any issues related to app shortcuts on your Windows 10 or Windows 11 machines? Let us know in the comments section below.
Update January 13, 4:46 PM EST: Microsoft says that it has completed the deployment of the fix. However, the fix doesn’t automatically restore the shortcuts deleted on customers’ machines.
“This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods,” Microsoft announced on the Windows Health Dashboard.