How to assure a MsOffice apps doesn't open up a malicious VBA hidden code
We were assisted by EE in a question that made us place this question. The insert that's reponsable is "it is actually possible to craft a non-addin PowerPoint macro-enabled file".
That said, is setting our ms office apps to the most secure settings (macro) is the only way to protect ourselves from a powerpoint or word/excel/mail for that matter? Also, is there a way to view he VBA contents without opening it (powerpoint/excel/wor)?
That said, is setting our ms office apps to the most secure settings (macro) is the only way to protect ourselves from a powerpoint or word/excel/mail for that matter? Also, is there a way to view he VBA contents without opening it (powerpoint/excel/wor)?
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Jamie Garroch (MVP)
Interesting find DrTribos. I think the question relates to a standard corporate environment so third party utilities like this one which appears to defeat the Microsoft security rather than prevent the execution of macros will unlikely be present. Nevertheless, I'm curious how that utility works. There doesn't appear to be a command line switch for Excel to prevent macro alerts from being displayed on opening a file and the utility specifically states it does not change any Windows settings. So how does it defeat the macro alerts?
Not sure Jamie, but I tested it and my system was almost fully locked down... and macros ran. I guess I could've deleted the VBA dll ?!
If I was going to create such a utility I would do this:
1. Utility EXE runs and performs these steps:
2. Store the current Windows registry setting for macro security
3. Change the same registry setting to allow macros to run without warnings
4. Open the macro-enabled Office file (no macro messages will be shown and macros can run)
5. Restore the registry setting (macros are still permitted to run on the open file above)
That way, no "permanent" changes are made to the registry. This is the only way I can see such a utility working.
1. Utility EXE runs and performs these steps:
2. Store the current Windows registry setting for macro security
3. Change the same registry setting to allow macros to run without warnings
4. Open the macro-enabled Office file (no macro messages will be shown and macros can run)
5. Restore the registry setting (macros are still permitted to run on the open file above)
That way, no "permanent" changes are made to the registry. This is the only way I can see such a utility working.
I guess Proc Mon would be able to determine if that is what is happening... I might have a closer look when (if) I get the chance.
ASKER
Sorry for the delay!
Thanx!
Thanx!
Microsoft Excel
Microsoft Excel topics include formulas, formatting, VBA macros and user-defined functions, and everything else related to the spreadsheet user interface, including error messages.
144K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
