Microsoft script recreates shortcuts deleted by bad Defender ASR rule
To recover some of the Windows shortcuts that were deleted on Friday morning, Microsoft released a PowerShell script and an Advanced Hunting Query (AHQ). The deletions followed a Microsoft Defender signature update, released on January 13th, 2018, that added a new rule to the Attack Surface Reduction (ASR) condition known as “Block Win32 API calls from Office