You can block Macros and consequently, Macro virus or Macro targeted malware files, from the Internet, from opening & running automatically in your Microsoft Office programs like Word, Excel, or PowerPoint documents using Group Policy in Windows 10.
Office Macros are basically small bits of code written in Visual Basic (VBA), that allow you to carry out select repetitive tasks. They are useful by themselves, but many times malware writers misuse this functionality to introduce malware into your computer system.
A Macro virus is a virus that takes advantage of Macros that run in Microsoft Office applications such as Microsoft Word, PowerPoint, or Excel. Cybercriminals send you a macro-infested payload or a file which will, later on, download a malicious script, via email and use a subject line that interests or provokes you into opening the document. When you open the document, a macro runs to execute whatever the task the criminal wants.
Microsoft has disabled the Macro functioning by default. It has now set the default settings in Office to Disable all macros with notification. That is, no macro would run in the Microsoft Word until you allow it to run, since the files now open in Protected View.
Macro-based malware has made a comeback and is again the rise. Microsoft has therefore rolled out a new Group Policy update to all Office clients on the network that blocks Internet originating macros from loading, in high-risk scenarios, and thus helps enterprise administrators prevent the risk of macros.
Read: How to remove Macro virus.
Block Macros malware in Office using Group Policy
Office provides a Group Policy setting that enables you to block macros from running in Word, Excel and PowerPoint files from the Internet. By default, macros in Word, Excel and PowerPoint files are enabled according to the macro warning setting. Files are identified as coming from the Internet based on the zone information added to the file by the Attachment Execution Service (AES). AES adds zone information to files that are downloaded by Outlook, Internet Explorer, and some other applications. Use the following guidelines to determine how to configure this setting if you want to block macros on Word, Excel and PowerPoint files from the Internet.
To enable this policy setting, Run gpedit.msc and navigate to the following setting:
User configuration > Administrative templates > Microsoft Word > Word options > Security > Trust Center.
Double-click on Block macros from running in Office files from the Internet setting, Enable it.
This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if “Enable all macros” is selected in the Macro Settings section of the Trust Center. Also, instead of having the choice to “Enable Content,” users will receive a notification that macros are blocked from running. If the Office file is saved to a trusted location or was previously trusted by the user, macros will be allowed to run. If you disable or don’t configure this policy setting, the settings configured in the Macro Settings section of the Trust Center determine whether macros run in Office files that come from the Internet.
There has been a jump in the incidence of Macro Virus, using email as well as social engineering, so you want to exercise caution and stay safe at all times!