Microsoft Office applications can be launched through the Microsoft 365 app launcher. Using Group Policy: Enable attack surface reduction rules | Defender for Endpoint: Group Policy.Using Intune: Enable attack surface reduction rules | Defender for Endpoint: Microsoft Endpoint Manager.This can be done through the following options: Changing ASR rules to Audit Mode can help prevent this issue. The Atack Surface Reduction (ASR) rules in Microsoft Defender are used to regulate software behavior as part of security measures. Workaround: Changes to Microsoft Defender can mitigate this issue. Windows devices used by consumers in their home or small offices are not likely to be affected by this issue.
After installing security intelligence build 1.381.2140.0, detections resulted in the deletion of certain Windows shortcut (.lnk) files that matched the incorrect detection pattern. Affected devices have the Atack Surface Reduction (ASR) rule 'Block Win32 API calls from Office macro' enabled. Additionally, errors might be observed when trying to run executable (.exe) files which have dependencies on shortcut files. Application shortcuts might not work from the Start menu or other locationsĪfter installing security intelligence update build 1.381.2140.0 for Microsoft Defender, application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted.
