Does Webroot automatically scan Microsoft Office files when opened and/or downloaded for issues like Macro viruses? Is there a setting in the management console for turning this feature on or off? I'd like to turn it on if it is not the default.
Page 1 / 1
Hello Karlsou,
Welcome to the Webroot community!
Webroot will only scan and detect files that are of the portable executable file type. Portable Executable (PE) file types usually have the following extensions: .exe, .com, .dll, .sys, and .scr. For all other file types, such as macro enabled documents (.doc/.docm/.docx), Webroot incorporates detection on a case by case basis, if a file is found to do harm on its own.
The current Threat landscape dictates that most non-PE files seen today, such as the macro enabled word documents, are simply used as an aid to drop/download malicious executable files (PE) on to a victim’s machine – it is the detection and blocking of these malicious executable files Webroot continues to focus on with great success.
Regardless of the security solution you use to scan macro documents, we've found that cybercriminals often re-obfuscate them, in order to prevent security solutions from effective detection. We instead recommend focusing on using a GPO (Group Policy) or changing the trust center settings in Office to prevent all macro documents from being run. To find steps to achieve this, we recommend reading our Ransomware Prevention Guide. You will find specific instructions to prevent execution of macros in Step 2: Disable Macro Execution.
I hope this answers the questions you have and thank you!
Regards,
Jesse L.
The Webroot Advanced Malware Removal Team
Welcome to the Webroot community!
Webroot will only scan and detect files that are of the portable executable file type. Portable Executable (PE) file types usually have the following extensions: .exe, .com, .dll, .sys, and .scr. For all other file types, such as macro enabled documents (.doc/.docm/.docx), Webroot incorporates detection on a case by case basis, if a file is found to do harm on its own.
The current Threat landscape dictates that most non-PE files seen today, such as the macro enabled word documents, are simply used as an aid to drop/download malicious executable files (PE) on to a victim’s machine – it is the detection and blocking of these malicious executable files Webroot continues to focus on with great success.
Regardless of the security solution you use to scan macro documents, we've found that cybercriminals often re-obfuscate them, in order to prevent security solutions from effective detection. We instead recommend focusing on using a GPO (Group Policy) or changing the trust center settings in Office to prevent all macro documents from being run. To find steps to achieve this, we recommend reading our Ransomware Prevention Guide. You will find specific instructions to prevent execution of macros in Step 2: Disable Macro Execution.
I hope this answers the questions you have and thank you!
Regards,
Jesse L.
The Webroot Advanced Malware Removal Team
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.