03-28-2023 03:25 AM
We have a new requirement: we need to block Excel macros for specific groups of users. Does anyone know how to block them?
03-28-2023 08:13 AM - edited 03-28-2023 08:19 AM
Try to block threat events 39154.
03-28-2023 08:24 AM - edited 03-28-2023 08:25 AM
Could you please tell me how to integrate the rule with Cortex XDR?
03-28-2023 09:19 AM - edited 03-28-2023 09:35 AM
Hi @RajeshPremSingh, thank you for writing to Live Community.
You can create a new malware security profile by going into Endpoints → policy management → add profile → choose OS → Malware → Office Files with Macros Examination (see screenshot attached). There, you can choose which action will be taken based on the policy you create.
After creating the profile, the next step would be to apply the new security profiles to endpoint(s).
Go into Policy Management → Add Policy → Create New → Enter policy name and select platform → Select the malware profile you created (see screenshot for example) → click next to choose which endpoints it will apply to and confirm the action.
I’ve attached links to our documentation about how to create new security profiles and apply them to endpoints in case you are looking for more information.
Hope this helps!
03-29-2023 12:15 AM - edited 03-29-2023 12:30 AM
Hello @mavraham, thanks for your response.
It's a great help for us. We followed the steps you mentioned, but it only blocks malicious macros embedded in Office.
We need to block the start and stop macro options.
Is it possible to block this macro option? Please let us know.
03-30-2023 07:00 AM
Hi ThendralMandu,
We do not support blocking this capability. Cortex XDR is designed to prevent malicious applications and behaviors from running on your endpoints; it is not designed to be an endpoint control application.