Updated version of the recovery script is available. Now includes taskbar recovery.

#asrmageddon

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

More tools and updated script for #asrmageddon

https://github.com/microsoft/MDE-PowerBI-Templates/blob/master/ASR_scripts/AddShortcuts.ps1 version 2

https://aka.ms/ASRTestImpact
https://aka.ms/ASR_shortcuts_deletion_FAQ
https://aka.ms/ASRTaskBarRepairTool

RT @UK_Daniel_Card@twitter.com

I bet they didn’t take unlimited time off this weekend #defender #ASRmageddon 😅 https://twitter.com/tomwarren/status/1613244112635047938

🐦🔗: https://twitter.com/UK_Daniel_Card/status/1615033768808706050

Follow-up to #ASRmageddon (deleted shortcuts in #Windows due to an ASR rule and triggered by a broken Defender update). Why home users with #DefenderUI were affected and how to get the .lnk files back.

https://borncity.com/win/2023/01/16/asrmageddon-warum-privatnutzer-betroffen-waren-wie-man-shortcuts-restauriert/

Nachlese zu #ASRmageddon (gelöschte Verknüpfungen in #Windows auf Grund einer ASR-Regel und getriggert durch ein kaputtes Defender Update). Warum Privatanwender mit #DefenderUI betroffen waren und wie man die .lnk-Dateien zurück bekommt.

https://www.borncity.com/blog/2023/01/16/asrmageddon-warum-privatnutzer-betroffen-waren-wie-man-shortcuts-restauriert/

Powershell comes for rescue to fix the #ASRmageddon 🌋 #MicrosoftDefender https://github.com/microsoft/MDE-PowerBI-Templates/blob/master/ASR_scripts/AddShortcuts.ps1

What if all of this was a ploy to get people to use advanced hunting / E5 #asr #asrrules #defender #signature #ASRmagedon #ASRmageddon

Happy #ASRmageddon Monday!

Microsoft hat sich ja wieder angestrengt es nicht langweilig werden zu lassen. Vielleicht sollten wir bei #Trendmicro bleiben. #ASRmageddon

Microsoft does a lot of good security work these days, but this time I guess you could say they…
( •_•)>⌐□-□
took shortcuts

#ASRmageddon

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

Giving Mastodon a go, finally had my resolve broken with the 3rd party client issues.

Absolutely no idea how to use Mastodon. #introductions

The first post on my home... #ASRMageddon . Yep - this place is for me

Microsoft have a blog post up about #ASRmageddon, with a Powershell script to recreate shortcuts of apps and a hunting query (change the date on the query, it’s wrong). https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

The fix by #Microsoft for #ASRmageddon.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011

This kind of thing massively sets back security improvement programs, so relieved I'm not trying to recover from this after having persuaded people to deploy it... https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2998msgdesc #asrmageddon

A #powershell wizard (Harm Veenstra) made this: scrips to recreate start menu shortcuts. Haven’t tried it (did not experience #ASRmageddon myself).

Might be helpful.

(Check out his blog powershellisfun.com)

https://powershellisfun.com/2023/01/13/recreate-start-menu-shortcuts-asrmageddon/

Worked on #ASRmageddon all day, a lot less impact than we expected, but still took me out of the queue for most of the day unable to do other things.

Microsoft just YOLOing shit like this on a Friday morning is fun.

I think it hit us, as the msp, harder than anyone.

I'm tired.

If anyone was going to be hit by #ASRmageddon, I'm relieved it was my VM and not my remote CEO. Luckily, I had a VM backup from last week. After a HD image restore, I was back in business.

#whew

I keep reading #ASRmageddon as ASMR-mageddon sorry not sorry

It's the official #ASRmageddon logo, no rights reserved

Microsoft are still trying to roll back #ASRmageddon