WNDF-AV-000038 - Microsoft Defender AV must be configured to block Win32 imports from macro code in Office.
This rule blocks potentially malicious behavior by not allowing macro code to execute routines in the Win 32 dynamic link library (DLL).
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Windows Defender Exploit Guard >> Attack Surface Reduction >> 'Configure Attack Surface Reduction rules' to 'Enabled'. Click 'Show...'. Set the Value name to '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' and the Value to '1'.