What if all of this was a ploy to get people to use advanced hunting / E5 #asr #asrrules #defender #signature #ASRmagedon #ASRmageddon

Version 1.1 of the Microsoft LNK recovery script with added support to restore from the Volume Shadow Copy Service released

#ASRmagedon #MDE #MDAV

https://github.com/microsoft/MDE-PowerBI-Templates/blob/master/ASR_scripts/AddShortcuts.ps1

MDE-PowerBI-Templates/AddShortcuts.ps1 at master · microsoft/MDE-PowerBI-Templates

A repository for MDATP PowerBI Templates.


My blog post from July last year became more relevant since last Friday than I had hoped.

But now is a good time to think about using the gradual rollout process for Microsoft Defender updates.

#M365D #MDAV #MDE #ASRmagedon

https://cloudbrothers.info/en/gradual-rollout-process-microsoft-defender/

Gradual rollout process for Microsoft Defender

One of the features of Microsoft Defender Antivirus that, in my opinion, is overlooked by most, is the ability to control the rollout of all components of Microsoft Defender Antivirus by selecting different release channels. This allows for a more gradual rollout of security intelligence updates, the engine as well as the AV platform. Different update types. But let’s take a step back and get a common understanding of what the difference between those different updates is and how they are deployed.

Recovering from Attack Surface Reduction rule shortcut deletions

Guidance on how to recover from short-cut deletions including PowerShell script.

Windows 11, version 22H2 known issues and notifications

View announcements and review known issues and fixes for Windows 11, version 22H2

Windows is the OS used by the majority of businesses. And yes, there are times when Microsoft really screws things up (#ASRmagedon). During such times seeing smug Linux users crowing about their setup and using words like Micro$haft and windoze is not helpful. Take your Linux smugness elsewhere - the business people are talking.

Great rule for finding out via advanced hunting what defender deleted

```kql
// Shortcut (.lnk) deletions recorded by the ASR rule since the bad signature landed.
// Filters are applied before sorting so the engine does not order rows it later discards.
DeviceEvents
| where Timestamp >= datetime("2023-01-13 00:00:00Z")
| where ActionType == "AsrOfficeMacroWin32ApiCallsBlocked"
| where FileName endswith ".lnk"
| order by Timestamp
```

Thanks reddit

https://www.reddit.com/r/sysadmin/comments/10ar1vb/multiple_users_reporting_microsoft_apps_have/j464ta6/

#ASRmagedon #asr #defender #signature

Multiple users reporting Microsoft apps have disappeared

I was able to get this to restore icons on a per-user basis: `$AllPrograms = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC\" #...`

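An added query (not from the Reddit thread or the post above) that builds on the same DeviceEvents filter to scope the damage per device before restoring anything; it assumes the same ActionType value as the query above and the standard DeviceName and FolderPath columns of the DeviceEvents table:

```kql
// Added example, not part of the original post: per-device summary of
// the .lnk files the ASR rule removed, so recovery can be prioritised.
// Assumes ActionType "AsrOfficeMacroWin32ApiCallsBlocked" marks the
// deletions, as in the query above.
DeviceEvents
| where Timestamp >= datetime("2023-01-13 00:00:00Z")
| where ActionType == "AsrOfficeMacroWin32ApiCallsBlocked"
| where FileName endswith ".lnk"
// FolderPath + FileName keeps the count distinct whether or not
// FolderPath already carries the file name.
| extend ShortcutPath = strcat(FolderPath, "|", FileName)
| summarize
    DeletedShortcuts = dcount(ShortcutPath),
    FirstSeen = min(Timestamp),
    LastSeen = max(Timestamp),
    Shortcuts = make_set(FileName, 50)
    by DeviceName
| order by DeletedShortcuts desc
```

The per-device list of file names is what you compare against a known-good Start Menu template when deciding which shortcuts to recreate.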
Microsoft defender this morning... #ASRmagedon
I've created a PowerShell script to try to fix the mess with the start menu. It requires you to get the lnk files from some other PC but it should help in restoring from this
https://github.com/Georg311/RecreateStartMenu/
#defender #signature #ASRmagedon #ASR
GitHub - Georg311/RecreateStartMenu: Script to recreate Startmenu from a Template Starmenu

