Information
This policy setting determines whether users can open, view, edit, or save Excel files in the DIF and SYLK file formats.
Open/Save blocked, use open policy: Both opening and saving of the file type will be blocked. The file will open based on the policy setting configured in the 'default file block behavior' key.
Note: 'Use Open Policy' action is defined by the 'Set default file block behavior' policy setting which is included in this benchmark.
The recommended state for this setting is: Enabled: Open/Save blocked, use open policy
DIF and SYLK are text-only file formats that are used to exchange data between different applications, such as Excel. If a vulnerability is discovered that affects these kinds of files, use this setting to protect the organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available.
Using legacy file formats could allow malicious code to become active on a user's computer or the network.
Solution
To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled: Open/Save blocked, use open policy
Microsoft Excel 2016\Excel Options\Security\Trust Center\File Block Settings\Dif and Sylk Files
Impact:
Users will not be able to open, save, or view Dif and Sylk files.