https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-support-encrypted-macros/m-p/1219073#M7838 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203072">@DanRoberts</a>&nbsp;<BR /><BR /><SPAN>Thank you for writing to LC!</SPAN><BR /><BR />Yes, I have seen such similar issues reported in the past.<BR /><BR />Symptom-&nbsp;</P> <P><SPAN>An MS Office application has been configured to prevent macro files in Excel from running when there is no Antivirus installed.&nbsp;&nbsp;</SPAN><SPAN><BR /></SPAN></P> <P><SPAN>When a macro is tried to be executed on a machine that has no Antivirus installed, the message below will be seen.</SPAN><BR />&nbsp;<SPAN>"This file contains encrypted macros that have been disabled because there is no antivirus software installed that can scan them. To run these macros, remove the encryption or permission restrictions on the file."</SPAN></P> <P><SPAN><BR />&nbsp;However, Cortex XDR was installed and running properly with Malware Feature enabled.<BR /><BR />Cause and solution -&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>It seems the feature checks if the macro file is password protected and an Anti-Virus can actually scan those files or not,&nbsp;</SPAN><SPAN>Cortex XDR does scan macro files in general but do not scan password protected files and this is its expected behavior or design.<BR /><BR /></SPAN></P> <P><SPAN>However, For some reason the Microsoft Feature does not accurately detect if an Antivirus software is installed and running.</SPAN><BR />&nbsp;<SPAN>The feature may need to be consulted with the Microsoft Office Team since an Antivirus product is installed on the machine.</SPAN></P> <P><SPAN><BR />Additionally,&nbsp;Since Cortex XDR is working as expected. one work around would be to allow the said macro under<A href="https://support.microsoft.com/en-us/office/add-remove-or-change-a-trusted-location-in-microsoft-office-7ee1cdc2-483e-4cbb-bcb3-4e7c67147fb4" target="_blank" rel="noopener"> Trusted Location.</A><BR /><BR />Give it a like &amp;&nbsp;<STRONG>Accept as Solution</STRONG>&nbsp;if this answer helped you.<BR /><BR />Best,<BR /></SPAN></P> Mon, 03 Feb 2025 08:12:16 GMT nar 2025-02-03T08:12:16Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-support-encrypted-macros/m-p/1218839#M7836 <P>Getting this Office warning when trying to open a file containing an encrypted macro.&nbsp; Are they supported?&nbsp; If they are then why does the MS Windows Antivirus API incorrectly report?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DanRoberts_0-1738314316381.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65636iD5EFD8922312F7F8/image-size/medium?v=v2&amp;px=400" role="button" title="DanRoberts_0-1738314316381.png" alt="DanRoberts_0-1738314316381.png" /></span></P> <P>The host has Cortex XDR Agent 8.6.1 installed.</P> <P>&nbsp;</P> Fri, 31 Jan 2025 09:06:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-support-encrypted-macros/m-p/1218839#M7836 DanRoberts 2025-01-31T09:06:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-support-encrypted-macros/m-p/1219073#M7838 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203072">@DanRoberts</a>&nbsp;<BR /><BR /><SPAN>Thank you for writing to LC!</SPAN><BR /><BR />Yes, I have seen such similar issues reported in the past.<BR /><BR />Symptom-&nbsp;</P> <P><SPAN>An MS Office application has been configured to prevent macro files in Excel from running when there is no Antivirus installed.&nbsp;&nbsp;</SPAN><SPAN><BR /></SPAN></P> <P><SPAN>When a macro is tried to be executed on a machine that has no Antivirus installed, the message below will be seen.</SPAN><BR />&nbsp;<SPAN>"This file contains encrypted macros that have been disabled because there is no antivirus software installed that can scan them. To run these macros, remove the encryption or permission restrictions on the file."</SPAN></P> <P><SPAN><BR />&nbsp;However, Cortex XDR was installed and running properly with Malware Feature enabled.<BR /><BR />Cause and solution -&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>It seems the feature checks if the macro file is password protected and an Anti-Virus can actually scan those files or not,&nbsp;</SPAN><SPAN>Cortex XDR does scan macro files in general but do not scan password protected files and this is its expected behavior or design.<BR /><BR /></SPAN></P> <P><SPAN>However, For some reason the Microsoft Feature does not accurately detect if an Antivirus software is installed and running.</SPAN><BR />&nbsp;<SPAN>The feature may need to be consulted with the Microsoft Office Team since an Antivirus product is installed on the machine.</SPAN></P> <P><SPAN><BR />Additionally,&nbsp;Since Cortex XDR is working as expected. one work around would be to allow the said macro under<A href="https://support.microsoft.com/en-us/office/add-remove-or-change-a-trusted-location-in-microsoft-office-7ee1cdc2-483e-4cbb-bcb3-4e7c67147fb4" target="_blank" rel="noopener"> Trusted Location.</A><BR /><BR />Give it a like &amp;&nbsp;<STRONG>Accept as Solution</STRONG>&nbsp;if this answer helped you.<BR /><BR />Best,<BR /></SPAN></P> Mon, 03 Feb 2025 08:12:16 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-support-encrypted-macros/m-p/1219073#M7838 nar 2025-02-03T08:12:16Z