We help IT Professionals succeed at work.

How to assure a MsOffice apps doesn't open up a malicious VBA hidden code

243 Views
Last Modified: 2017-03-22
We were assisted by EE in a question that made us place this question.  The insert that's reponsable is "it is actually possible to craft a non-addin PowerPoint macro-enabled file".  

That said, is setting our ms office apps to the most secure settings (macro) is the only way to protect ourselves from a powerpoint or word/excel/mail for that matter?  Also, is there a way to view he VBA contents without opening it (powerpoint/excel/wor)?
Comment
Watch Question

PowerPoint Technical Consultant
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Jamie Garroch (MVP)PowerPoint Technical Consultant
CERTIFIED EXPERT

Commented:
Interesting find DrTribos. I think the question relates to a standard corporate environment so third party utilities like this one which appears to defeat the Microsoft security rather than prevent the execution of macros will unlikely be present. Nevertheless, I'm curious how that utility works. There doesn't appear to be a command line switch for Excel to prevent macro alerts from being displayed on opening a file and the utility specifically states it does not change any Windows settings. So how does it defeat the macro alerts?

Commented:
Not sure Jamie, but I tested it and my system was almost fully locked down... and macros ran.  I guess I could've deleted the VBA dll ?!
Jamie Garroch (MVP)PowerPoint Technical Consultant
CERTIFIED EXPERT

Commented:
If I was going to create such a utility I would do this:

1. Utility EXE runs and performs these steps:
2. Store the current Windows registry setting for macro security
3. Change the same registry setting to allow macros to run without warnings
4. Open the macro-enabled Office file (no macro messages will be shown and macros can run)
5. Restore the registry setting (macros are still permitted to run on the open file above)

That way, no "permanent" changes are made to the registry. This is the only way I can see such a utility working.

Commented:
I guess Proc Mon would be able to determine if that is what is happening... I might have a closer look when (if) I get the chance.

Author

Commented:
Sorry for the delay!

Thanx!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.