The available file types that can be filtered doesn't include Office documents with macros (docm, xlsm, etc). These are being used now to sneak garbage into the network. Is there a way to ID them or are they on the horizon for inclusion in the file blocking filters? An innovative way that is being used is to create an xlsm file with a malicious macro in it and then replace the xlsm extension with csv. User thinks it's just rows of text and clicks on it, Windows feeds it to Excel, and Excel opens it and runs the macro.
Solved! Go to Solution.
The firewall will not be able to differentiate doc files with or without macros as they are basically the same file type, it will be able to identify doc files 'disguised' as CSV as it looks deeper into the file than merely the extention . You could block doc files altogether, which may be a bit over the top.
you could dable with custom vulnerability signatures to block .docm files or any identifyable string of data inside the fileor you could push an ActiveDir group policy preventing your users from opening these files
Block macros with GPO.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!