Microsoft has acknowledged an issue with Application shortcuts impacting both Windows 10 and Windows 11. The application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted.
The issue has arisen after installing security intelligence update build 1.381.2140.0 for Microsoft Defender. It may also make system throw errors when trying to run executable (.exe) files which have dependencies on shortcut files.
Microsoft has resolved this issue in security intelligence update build 1.381.2164.0. While installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. Users will still need to recreate or restore these shortcuts through other methods. Read the full details of the issue and resolution below.
January 2023
Application shortcuts might not work from the Start menu or other locations
Status Originating update History Resolved N/A Resolved: 2023-01-13, 13:40 PT
Opened: 2023-01-13, 13:40 PTAfter installing security intelligence update build 1.381.2140.0 for Microsoft Defender, application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted. Additionally, errors might be observed when trying to run executable (.exe) files which have dependencies on shortcut files. Affected devices have the Atack Surface Reduction (ASR) rule “Block Win32 API calls from Office macro” enabled. After installing security intelligence build 1.381.2140.0, detections resulted in the deletion of certain Windows shortcut (.lnk) files that matched the incorrect detection pattern.
Windows devices used by consumers in their home or small offices are not likely to be affected by this issue.
Workaround: Changes to Microsoft Defender can mitigate this issue. The Atack Surface Reduction (ASR) rules in Microsoft Defender are used to regulate software behavior as part of security measures. Changing ASR rules to Audit Mode can help prevent this issue. This can be done through the following options:
- ​Using Intune: Enable attack surface reduction rules | Defender for Endpoint: Microsoft Endpoint Manager
- ​Using Group Policy: Enable attack surface reduction rules | Defender for Endpoint: Group Policy
Microsoft Office applications can be launched through the Microsoft 365 app launcher. More details on the Microsoft 365 app launcher can be found in Meet the Microsoft 365 app launcher
Next steps: This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods.
Affected platforms:
- ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB
- ​Server: None