Office Macros are basically small bits of code written in Visual Basic (VBA), that allow you to carry out select repetitive tasks. They are useful by themselves, but many times malware writers misuse this functionality to introduce malware into your computer system. A Macro virus is a virus that takes advantage of Macros that run in Microsoft Office applications such as Microsoft Word, PowerPoint, or Excel. Cybercriminals send you a macro-infested payload or a file that will, later on, download a malicious script, via email and use a subject line that interests or provokes you into opening the document. When you open the document, a macro runs to execute whatever the task the criminal wants. Microsoft has disabled the Macro functioning by default. It has now set the default settings in Office to Disable all macros with notification. That is, no macro would run in Microsoft Word until you allow it to run, since the files are now open in Protected View. Macro-based malware has made a comeback and is again on the rise. Microsoft has therefore rolled out a new Group Policy update to all Office clients on the network that blocks Internet originating macros from loading, in high-risk scenarios, and thus helps enterprise administrators prevent the risk of macros. Read: How to remove Macro virus.
Block Macros from running in Office files using Group Policy
To enable this policy setting, Run gpedit.msc and navigate to the following setting: User configuration > Administrative templates > Microsoft Word > Word options > Security > Trust Center.
Double-click on Block macros from running in Office files from the Internet setting, Enable it.
Prevent Macros from running in Microsoft Office using Registry
To prevent Macros from running in Microsoft Office using Registry, follow these steps: To learn more about these steps, continue reading. To get started, you need to open the Registry Editor first. For that, press Win+R > type regedit > hit the Enter button > click the Yes option on the UAC prompt. Then, navigate to this path: Right-click on 16.0 > New > Key and name it as word. Then, right-click on the word key, select New > Key, and name it as security.
Following that, you need to create a REG_DWORD value. For that, right-click on security > New > DWORD (32-bit) Value and set the name as blockcontentexecutionfrominternet.
Double-click on it to set the Value data as 1 and click the OK button.
Finally, restart your computer to apply the change. However, if you want to revert the change and apply the default setting, you need to delete the blockcontentexecutionfrominternet REG_DWORD value. To do that, right-click on it, select the Delete option, and click the Yes button. There has been a jump in the incidence of Macro Virus, using email as well as social engineering, so you want to exercise caution and stay safe at all times! Related read: What is Macro Virus? How to enable or disable Macros in Office, stay safe from & remove Macro Virus?
How do I stop macros from running in Office files from the Internet?
There are two ways to stop macros from running in Office files from the internet – using the Local Group Policy Editor and the Registry Editor. Both methods are mentioned above, and you can follow either of them. However, you need to install the administrator templates for Office if you want to use the GPEDIT method.
How do I disable macros in Excel GPO?
To disable macros in Excel, you can use the Local Group Policy Editor. To do that, open the GPEDIT and navigate to User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center. Double-click on the Block macros from running in Office files from the Internet setting and choose the Enabled option. Then, click on the OK button to save the change. For your information, you can do the same in other apps and using Registry Editor as well.