1.4.7.5 Ensure' Scan Encrypted Macros in Excel Open XML Workbooks' is set to Enable (Scan encrypted macros (default))

Information

This policy setting controls whether encrypted macros in Open XML workbooks be are required to be scanned with anti-virus software before being opened. The recommended state for this setting is: Enable d. (Scan encrypted macros (default)) When an Office Open XML workbook is rights-managed or password-protected, any macros that are embedded in the workbook are encrypted along with the rest of the workbook#x2019;s contents. By default, these encrypted macros will be disabled unless they are scanned by antivirus software immediately before being loaded. If this default configuration is modified, Excel will not require encrypted macros to be scanned before loading. Excel will handle them as specified by the Office System macro security settings, which can cause macro viruses to load undetected and lead to data loss or reduced application functionality.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Excel 2016\Excel Options\Security\Scan Encrypted Macros in Excel Open XML Workbooks Impact: Disabling this setting enforces the default configuration in Excel, and is therefore unlikely to cause usability issues for most users.

See Also

https://workbench.cisecurity.org/files/569

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1.

Plugin: Windows

Control ID: d70ec1483d7bf5e3d0daf9c9b039a1a3953c5c0971095117eaf08d14e91b8e18