01-31-2025 01:00 AM - edited 01-31-2025 01:06 AM
Getting this Office warning when trying to open a file containing an encrypted macro. Are they supported? If they are then why does the MS Windows Antivirus API incorrectly report?
The host has Cortex XDR Agent 8.6.1 installed.
02-03-2025 12:12 AM
Hi @DanRoberts
Thank you for writing to LC!
Yes, I have seen such similar issues reported in the past.
Symptom-
An MS Office application has been configured to prevent macro files in Excel from running when there is no Antivirus installed.
When a macro is tried to be executed on a machine that has no Antivirus installed, the message below will be seen.
"This file contains encrypted macros that have been disabled because there is no antivirus software installed that can scan them. To run these macros, remove the encryption or permission restrictions on the file."
However, Cortex XDR was installed and running properly with Malware Feature enabled.
Cause and solution -
It seems the feature checks if the macro file is password protected and an Anti-Virus can actually scan those files or not, Cortex XDR does scan macro files in general but do not scan password protected files and this is its expected behavior or design.
However, For some reason the Microsoft Feature does not accurately detect if an Antivirus software is installed and running.
The feature may need to be consulted with the Microsoft Office Team since an Antivirus product is installed on the machine.
Additionally, Since Cortex XDR is working as expected. one work around would be to allow the said macro under Trusted Location.
Give it a like & Accept as Solution if this answer helped you.
Best,
02-03-2025 12:12 AM
Hi @DanRoberts
Thank you for writing to LC!
Yes, I have seen such similar issues reported in the past.
Symptom-
An MS Office application has been configured to prevent macro files in Excel from running when there is no Antivirus installed.
When a macro is tried to be executed on a machine that has no Antivirus installed, the message below will be seen.
"This file contains encrypted macros that have been disabled because there is no antivirus software installed that can scan them. To run these macros, remove the encryption or permission restrictions on the file."
However, Cortex XDR was installed and running properly with Malware Feature enabled.
Cause and solution -
It seems the feature checks if the macro file is password protected and an Anti-Virus can actually scan those files or not, Cortex XDR does scan macro files in general but do not scan password protected files and this is its expected behavior or design.
However, For some reason the Microsoft Feature does not accurately detect if an Antivirus software is installed and running.
The feature may need to be consulted with the Microsoft Office Team since an Antivirus product is installed on the machine.
Additionally, Since Cortex XDR is working as expected. one work around would be to allow the said macro under Trusted Location.
Give it a like & Accept as Solution if this answer helped you.
Best,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
