Macro enabled office documents will now be blocked

Posted on by Chris Twa

Macro-enabled Office documents are now being blocked for domains protected by our premium spam filtering service.

What are macro enabled office documents?

Microsoft Office documents may have macros embedded with them.  The design allowed for simple programs to be embedded with an MS Office document to provide additional functions.  Office documents that are macro enabled should have a different extension.  A full list of Office extensions is available here: https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions.

Why are they being blocked?

Macro enabled office documents in email are routinely used as a vector for malware.  Although there are significant tuning options available for individual users and enterprises, it is still quite easy for a user to enable the macro content of these documents.  Malware that does not require elevation of permissions such as ransomware can easily be activated in this manner.  Quite simply, we believe the risks outweigh the benefits.

We have decided to block macro enabled office documents for the following reasons:

  • It is too easy for users to activate the macro and cause significant harm to their organizations.  Until Microsoft can increase macro security or else provoke a more informed decision from the user, macros’ risks outweigh their benefits
  • Signature based detection employed by antivirus software is often days behind the latest malware surge and can not be solely relied upon.
  • Tunable options available to Microsoft Office users that can decrease the risk of macro malware are often ignored.
  • Legitimate macro enabled office documents are not very common and can be distributed by other means where there is (hopefully) a greater trust than with email.  To us, this means the change is less likely to have a negative impact on our users.
  • Similar blocks are employed by many other organizations which adds legitimacy.

Email is not a good way to exchange files.  There are very few checks to the authenticity of the sender.  Encryption is rarely used.  Files are re-encoded base64 causing them to grow in size.  The majority of email traffic is spam with a significant amount infected with malware.  Email is fantastic for distributing textual information  but… Repeat:  Email is not a good way to exchange files.

What if I really need to send/receive macro enabled office documents?

Please contact helpdesk@radishnetworks.com for available work-arounds.  Don’t worry – we have ways to make the appropriate exceptions.

I hate/love this!

Talk to us!  We make decisions like this based on your input so let us know what you think.

The KB article is here (logged in users only):  https://radishnetworks.zendesk.com/hc/en-us/community/topics/201054106-Office-macro-documents-are-now-being-blocked-on-our-premium-spam-filtering-service