What is this odd security warning?

I started getting odd warnings like the one posted below from Defender on my desktop PC and shortcuts being deleted. I then recovered a Reflect backup from 23 Dec well before this started happening today but started getting the warning posted below and shortcuts deleted again. I'm mystified what this is due and how to recover.



Update - To save you reading the rest of this thread, this issue and deleted shortcuts on the taskbar, desktop (including nested folders) and the start menu are due to a spectacular cockup by Microsoft on Friday 13th. A bad Defender signature (1.381.2140.0) released yesterday (now pulled) caused the ASR rule (Rule ID: 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b) to misbehave and trigger against users' app shortcuts, falsely tagging them as malicious. The deleted shortcuts will need to be reinstated manually or you can recover from a recent backup.

Microsoft advise This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts

I'm going to recover from a recent Reflect backup and disconnect from the internet whilst I restore Defender settings to default using Config Defender where I had set some aggressive ASR rules.

So much for Microsoft's QA

Hello @Steve C,

Looking at it, it appears that it is an Office program [ Macro ] that is involved ?

I don't have any Office macros. Also a user folder has been removed from my desktop and several icons pinned to the taskbar e.g. Chrome.

Hello @Steve C,

[1] Have you run ANY Scripts etc prior to this happening ?
[2] Have you downloaded ANY programs prior to this happening ?
[3] Have you run a FULL Virus scan or Malwarebytes ?

I am just on my way out, but I will investigate this further for you when I get back.

@Steve C

crashpad_handler.exe Windows process - What is it?

1. First, figure out what it is.
2. This will help you when Googling, which will lead to further info and if needed, removal techniques.

I was perplexed why the odd behaviour reappeared after recovering from backup. I suspect the culprit is a utility called Configure Defender which set some quite aggressive Defender settings. I've now reset those to default and recovered my missing shortcuts on the desktop. Maybe the latest Defender update installed just after recovering from backup didn't play well with those Configure Defender settings? I'll only fiddle with Defender settings from the Windows Settings menu now. There is no sign of any malware.

@Steve C -

Have you tried removing Configure Defender?

Please download and run this program (no install) and see what it finds, if anything.

https://www.k7computing.com/us/free_scanner

Just to be sure.

Post back with your results.

Steve C said:

I was perplexed why the odd behaviour reappeared after recovering from backup. I suspect the culprit is a utility called Configure Defender which set some quite aggressive Defender settings. I've now reset those to default and recovered my missing shortcuts on the desktop. Maybe the latest Defender update installed just after recovering from backup didn't play well with those Configure Defender settings? I'll only fiddle with Defender settings from the Windows Settings menu now. There is no sign of any malware.

This is what I got,



Running Windows Subsystem for Android and had Edge running in the background. The old CPU I have on this laptop was struggling a bit so right clicked Edge icon on taskbar to close it. Like you no Office at all and once I closed WSA some desktop icons missing, Edge icon on taskbar had no file associated and Edge missing in all apps list in Windows 11. Had to repair Edge twice to get it running normally.
Nothing found in Defender after following scan.

AK6DN said:

Related to this? Buggy Microsoft Defender ASR rule deletes Windows app shortcuts

Thank you, nice find