Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Beside running Anti-Virus and Anti-Spam, what else can we do assure the a PowerPoint file is Safe
Hi, we have various power-point files sent to us and wanted to know if there is no malicious code (maybe like VBA) within them. We have run anti-virus and anti-spam and all ok. Any other thing we can do to assure the PPT is safe?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
just have a real-time decent antivirus software running and updated is enough to keep your system safe.
I generally agree with the above.
The MOST important tool in your arsenal is Common Sense. Do not do silly things; do not go to dodgy websites; never open emails from strangers; and, oddly enough, beware your naive friends.
The MOST important tool in your arsenal is Common Sense. Do not do silly things; do not go to dodgy websites; never open emails from strangers; and, oddly enough, beware your naive friends.
if you don't know where the file is from - dump them
instead of opening the files directly from your email, you can save the files to a temporary folder and scan them with your antivirus app
if everything checks out, you should be OK
instead of opening the files directly from your email, you can save the files to a temporary folder and scan them with your antivirus app
if everything checks out, you should be OK
Prior placing the question, that is what we did: download and scanned them. The results where ok, no infection.
However, since Word, Outlook, Excel one can create VBA code to execute almost anything, we wanted to know if the PPT files received has any VBA code?
Hope we are expressing what we want to do.
However, since Word, Outlook, Excel one can create VBA code to execute almost anything, we wanted to know if the PPT files received has any VBA code?
Hope we are expressing what we want to do.
PowerPoint files don't work like Word and Excel files in that PowerPoint has no way to run code automatically when the file is opened. You'd have to create an add-in and install that.
So even if there's VBA code in the file, it's not going to auto-run. The antivirus scan should be more than sufficient for PowerPoint files.
So even if there's VBA code in the file, it's not going to auto-run. The antivirus scan should be more than sufficient for PowerPoint files.
Since PowerPoint 2007, if the file extension is 4 characters and doesn't end with 'm' then it can't contain code. For example, .pptx, .potx, .ppsx cannot include VBA code but .pptm, .potm, .ppsm 'may' contain VBA code.
Make sure you set a macro security level you are happy with in File / Options / Trust Center / Trust Center Settings / Macros and I would always recommend that you don't allow VBA code to run unless it's been digitally signed (which my company always does).
Make sure you set a macro security level you are happy with in File / Options / Trust Center / Trust Center Settings / Macros and I would always recommend that you don't allow VBA code to run unless it's been digitally signed (which my company always does).
you can also read them in Protected View mode.
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
What if the Powerpoint has embedded links? You would need a good inbound email filter to unpack and scan recipient URL destinations or a good web filter / UTM system also.
Having chatted with Echo and for completeness in case any other user reads the above answer ID: 42043785, it is actually possible to craft a non-addin PowerPoint macro-enabled file (.pptm, .potm, .ppsm) that will automatically run embedded VBA code when the file opens, IF the user's security settings in PowerPoint permit it. I use this technique legitimately for some clients, for example when content needs to be updated automatically when the file is opened. But of course, it could be used maliciously too. That's why I recommend not running code that is not digitally signed. If it's good enough code to justify sending to users and expecting them to execute it, it's not really good enough to not sign it.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial