A recent Microsoft Defender update (KB2267602) has caused significant disruption for many Windows users by removing application shortcuts from desktop, taskbar, and Start menu locations. This widespread issue requires immediate attention from IT departments.
Understanding the Issue
The KB2267602 update contains a flaw that causes Windows to incorrectly identify legitimate application shortcuts as potential security threats, automatically removing them during scanning.
Users typically report:
- Missing desktop shortcuts for commonly used applications
- Empty or partially populated Start menu
- Missing pins from the taskbar
- Shortcuts disappearing shortly after being recreated
Affected Systems
- Windows 10 and 11 systems of all builds
- Windows Server 2019 and 2022
- Systems running Microsoft Defender as primary antivirus
Immediate Mitigation Steps
1. Temporarily Pause Definition Updates
Via Group Policy or PowerShell:
Set-MpPreference -DisableAutoUpdate $trueImportant: This is temporary only — prolonged disabling leaves systems vulnerable.
2. Restore Missing Shortcuts
- Deploy shortcuts via Group Policy
- Use PowerShell scripts to recreate standard shortcuts
- Use System Restore if available
3. Create Exclusions for Shortcut Locations
Add-MpPreference -ExclusionPath "C:\Users\*\Desktop"
Add-MpPreference -ExclusionPath "C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu"
Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows\Start Menu"Longer-Term Solutions
- Monitor Defender update status across the environment
- Communicate clearly with users about the issue and timeline
- Establish testing protocols for future definition updates
- Monitor Microsoft Security Response Center for the official fix
Microsoft has acknowledged the issue and assigned it high priority. Organizations should implement minimum mitigations necessary to restore productivity while awaiting the permanent fix.