Prevent and block Macros from running in Microsoft Office using Group Policy

You can block Macros and consequently Macro virus or Macro targeted malware files, from the Internet, from opening & running automatically in your Microsoft Office 2016 programs like Word, Excel or PowerPoint documents using Group Policy in Windows 10.

Office Macros are basically small bits of code written in Visual Basic (VBA), that allow you to carry out select repetitive tasks. They are useful by themselves, but many a times malware writers misuse this functionality to introduce malware into your computer system.

A Macro virus is a virus that takes advantage of Macros that run in Microsoft Office applications such as the Microsoft Word, PowerPoint or Excel. Cyber criminals send you a macro-infested payload or a file which will later on download a malicious script, via email and use a subject line that interests or provokes you into opening the document. When you open the document, a macro runs to execute whatever the task the criminal wants.

Microsoft has disabled the Macro functioning by default. It has now set the default settings in Office to Disable all macros with notification. That is, no macro would run in the Microsoft Word until you allow it to run, since the files now open in Protected View.

Macro-based malware has made a comeback and is again the rise. Microsoft has therefore  rolled out a new Group Policy update to all Office 2016 clients on the network that blocks Internet originating macros from loading, in high-risk scenarios, and thus help enterprise administrators prevent the risk of macros.

Read: How to remove macro virus.

Block Macros malware in Office using Group Policy

Office 2016 provides a Group Policy setting that enables you to block macros from running in Word, Excel and PowerPoint files from the Internet. By default, macros in Word, Excel and PowerPoint files are enabled according to the macro warning setting. Files are identified as coming from the Internet based on the zone information added to the file by the Attachment Execution Service (AES). AES adds zone information to files that are downloaded by Outlook, Internet Explorer, and some other applications. Use the following guidelines to determine how to configure this setting if you want to block macros on Word, Excel and PowerPoint files from the Internet.

To enable this policy setting, Run gpedit.msc and navigate to the following setting:

User configuration > Administrative templates > Microsoft Word 2016 > Word options > Security > Trust Center.

Block Macros malware in Office using Group Policy

Double-click on Block macros from running in Office files from the Internet setting, Enable it.

This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if “Enable all macros” is selected in the Macro Settings section of the Trust Center. Also, instead of having the choice to “Enable Content,” users will receive a notification that macros are blocked from running. If the Office file is saved to a trusted location or was previously trusted by the user, macros will be allowed to run.  If you disable or don’t configure this policy setting, the settings configured in the Macro Settings section of the Trust Center determine whether macros run in Office files that come from the Internet.

There has been a jump in the incidence of Macro Virus, using email as well as social engineering, so you want to exercise caution and stay safe at all times!

Related read: What is Macro Virus? How to enable or disable Macros in Office, stay safe from & remove Macro Virus?

Posted by on , in Category Office with Tags
Anand Khanse is the Admin of TheWindowsClub.com, an end-user Windows enthusiast, & a 10-year Microsoft MVP Awardee in Windows for the period 2006-16. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.