Many users are reporting issues with their desktop shortcuts and pinned icons, as they no longer seem to be functioning. When users click on the pinned icons, a pop-up message appears stating, This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page.
Table of Contents
Investigation on this Issue
- An update, KB5022282, was installed on 1/10/2023.
- Microsoft Defender definitions were updated to version 1.1381.2140.0.
- In the Event Viewer under the Windows Defender folder, an Event ID – 1121 was found.
- The Event ID – 1121 suggests that Microsoft Defender Exploit Guard has blocked an operation not allowed by the IT administrator.
After confirmation with Microsoft, it was suggested that recent Microsoft Defender definitions might be the cause of this issue. Attempted to roll back the Microsoft Defender definitions using the following steps, but this did not resolve the issue.
Check Microsoft Defender Definitions Version
To check the version of Microsoft Defender definitions, please follow the steps below:
- Go to Start🪟 -> Search for Windows Security.
- Click on Settings⚙️ on the bottom left of the page.
- Click on About link.
Fixes Tried So Far
We have applied below two fixes so far, but none have resolved this problem.
- We changed the ‘Block Win32 API calls from Office macros‘ policy in Attack Surface Reduction from ‘Block mode‘ to ‘Audit mode‘. Microsoft also recommended placing the ASR policy in audit mode. Please note that adjusting this setting in the ASR policy may take a couple of hours to propagate down to users’ devices.
- I rolled back the Defender definitions using the ‘MpCmdRun.exe -RemoveDefinitions‘ command.
If you wish to check or test the rollback of Microsoft Defender definitions on user’s devices, you can use the provided scripts. I have included both a batch file and a PowerShell file in the following sections of this blog post.
1. How to Roll back Microsoft Defender Definitions using Intune
Create a PowerShell script file and name it as you prefer, for example, ‘MP.ps1‘. Paste the following code into the script file:
Clear-Host
Set-Location "C:\Program Files\Windows Defender"
.\mpcmdrun.exe -Removedefinitions- Log in to the Intune admin center.
- Navigate to Devices -> Scripts.
- Click ‘Add‘ and then upload the ‘MP.ps1‘ script. Assign it to a group that includes the relevant devices.
- It is advisable to test on one or two devices before a broader rollout.
2. How to Roll back Microsoft Defender Definitions using a Batch file
You can also use a batch file I have tested to roll back Microsoft Defender definitions to the previous stable version. Copy the code below into a file with a .bat extension and run it from the command prompt as an administrator.
- Navigate to Start 🪟, type ‘Run‘ to open a Run box.
- Search for the Command Prompt app.
- Right-click on the Command Prompt app and select ‘Run as administrator‘.
- Paste the following lines of code directly into the Command Prompt, or you can copy the code into a .bat file and run the .bat file from the Command Prompt.
@ECHO OFF
SET MPPATH="C:\Program Files\Windows Defender\"
CD %MPPATH%
START MpCmdRun.exe -RemoveDefinitionsWorkaround I used
As desktop shortcuts and pinned items are currently not functioning, users can use a workaround by navigating to the installation folder of the applications and launching them directly from that location.
Most installed apps can be found in either C:\Program Files or C:\Program Files (x86). Simply search for the application folder and launch the application directly from that location until the original issue is resolved.”
Alternatively, you can launch all apps directly using the following steps:
- Press Windows🪟 + R to open the Run dialog box.
- Type the desired command to open the apps directly. For instance, to launch Outlook, type ‘outlook‘ in the Run box and press Enter.
Similarly, for other apps, you can type the following keywords in the Run box to open them directly:
- Word Application:
winword - Excel Application:
excel - OneNote:
onenote - Google Chrome:
chrome
| App Name | Location |
| Office 365 App | C:\Program Files\Microsoft Office\root\Office16 Search for excel.exe for Excel App Search for winword.exe for Word App Search for Powerpnt.exe for Powerpoint app Search for Outlook.exe for Outlook App |
| Zoom App | C:\Program Files\Zoom\bin\Zoom.exe |
| Microsoft Edge | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Or C:\Program Files\Microsoft\Edge\Application\msedge.exe |
Status of Permanent Fix
I checked with Microsoft to find a permanent fix for this issue. It appears that many organizations are experiencing the same problem, and Microsoft is actively working to provide a permanent solution.
You can check the status of this issue from the Microsoft 365 admin center:
- Log in to the Microsoft 365 admin center.
- Navigate to Health > Service Health.
- Look for Incident number SI MO497128 and monitor updates on this issue.
- You can also check the status from the https://twitter.com/MSFT365Status Twitter page.
Creating Desktop Shortcuts on User Devices
You can either use a batch script and deploy it on a user’s device via Active Directory Group Policy. Alternatively, if you are using Intune, you can create a script and deploy it using Intune.
Please follow the blog post below, which provides more information on how you can easily create desktop shortcuts on users’ devices.
How To Create A Desktop Shortcut Using Intune
Conclusion
As a permanent fix for this issue is not available yet, you can use the provided workaround to ensure users can continue using applications without interruption. Microsoft is actively working on resolving this issue, and updates are expected soon. Monitor the status of this issue through the Microsoft 365 admin center or the MSFT365Status Twitter page.
