Beside running Anti-Virus and Anti-Spam, what else can we do assure the a PowerPoint file is Safe

Hi, we have various power-point files sent to us and wanted to know if there is no malicious code (maybe like VBA) within them.  We have run anti-virus and anti-spam and all ok.  Any other thing we can do to assure the PPT is safe?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RaminTechnical AdvisorCommented:
just have a real-time decent antivirus software running and updated is enough to keep your system safe.
JohnBusiness Consultant (Owner)Commented:
I generally agree with the above.

The MOST important tool in your arsenal is Common Sense. Do not do silly things; do not go to dodgy websites; never open emails from strangers; and, oddly enough, beware your naive friends.
Paul SauvéRetiredCommented:
if you don't know where the file is from - dump them

instead of opening the files directly from your email, you can save the files to a temporary folder and scan them with your antivirus app

if everything checks out, you should be OK
Ensure Business Longevity with As-A-Service

Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.

janaAuthor Commented:
Prior placing the question, that is what we did: download and scanned them.  The results where ok, no infection.

However, since Word, Outlook, Excel one can create VBA code to execute almost anything, we wanted to know if the PPT files received has any VBA code?

Hope we are expressing what we want to do.
JohnBusiness Consultant (Owner)Commented:
A top grade antivirus product should determine this without issue.
PowerPoint files don't work like Word and Excel files in that PowerPoint has no way to run code automatically when the file is opened. You'd have to create an add-in and install that.

So even if there's VBA code in the file, it's not going to auto-run. The antivirus scan should be more than sufficient for PowerPoint files.
Jamie GarrochSenior Technical Consultant at BrightCarbonCommented:
Since PowerPoint 2007, if the file extension is 4 characters and doesn't end with 'm' then it can't contain code. For example, .pptx, .potx, .ppsx cannot include VBA code but .pptm, .potm, .ppsm 'may' contain VBA code.

Make sure you set a macro security level you are happy with in File / Options / Trust Center / Trust Center Settings / Macros and I would always recommend that you don't allow VBA code to run unless it's been digitally signed (which my company always does).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RaminTechnical AdvisorCommented:
janaAuthor Commented:
Thanx! That was we needed!
Stuart HargreavesChief Operations OfficerCommented:
What if the Powerpoint has embedded links? You would need a good inbound email filter to unpack and scan recipient URL destinations or a good web filter / UTM system also.
Jamie GarrochSenior Technical Consultant at BrightCarbonCommented:
Having chatted with Echo and for completeness in case any other user reads the above answer ID: 42043785, it is actually possible to craft a non-addin PowerPoint macro-enabled file (.pptm, .potm, .ppsm) that will automatically run embedded VBA code when the file opens, IF the user's security settings in PowerPoint permit it. I use this technique legitimately for some clients, for example when content needs to be updated automatically when the file is opened. But of course, it could be used maliciously too. That's why I recommend not running code that is not digitally signed. If it's good enough code to justify sending to users and expecting them to execute it, it's not really good enough to not sign it.
janaAuthor Commented:
Will open another related question for another part we want to understand.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft PowerPoint

From novice to tech pro — start learning today.