Jump to content

Detect and clean Microsoft Office makros


pronto
 Share

Recommended Posts

Hi Community,

we are currently evaluating ESET as a replacement for our current Trend Micro virus scanner. With Trend Micro, we could search in Office documents for embedded makros in incoming emails and then remove those makros. In addition, a number of file types could be blocked in general, both in e-mails and in normal browser downloads. Is that also possible in ESET?

Thx & Bye Pronto

Link to comment
Share on other sites

  • Most Valued Members

By makros you do mean threats or malicious files? , Are you talking about Outlook? if yes then ESET can protect and scan your emails in Outlook

And if you are talking about web browsing then ESET can scan Firefox,Edge,Chrome,IE11(I'm not sure about IE11 but I think yes)

Link to comment
Share on other sites

  • Administrators

All ESET products detect documents with malicious macros. If you want to specifically filter documents containing macros on a mail sever, you can create a transport agent rule  for such files:

https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_rules.html
image.png

To improve protection from malware in documents, we strongly recommend purchasing ESET Dynamic Threat Defense (EDTD) which will enable ESET Mail Security to upload documents with macros and other suspicious attachments to ESET's cloud sandbox that leverages most recent internal detections as well as Augur, ESET's advanced machine learning system to evaluate the dangerousness of analyzed files. ESET Mail Security will pass emails only after it receives information about the analyzed attachments from ESET's EDTD sandbox.
This substantially minimizes the risk that potential new malware spreading via email will make it to users' mailboxes.

For more information about EDTD, please read https://www.eset.com/us/business/dynamic-threat-defense/and https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_cmps.html.

For information about other technologies developed by ESET that protect you from threats, please read https://www.eset.com/int/about/technology/.

Link to comment
Share on other sites

Servus Marcos,

as I can see from the KB article [1], it doesn't seem to be possible to remove each macro from every Office document sent by e-mail, regardless of whether the macro is harmful or not, and still deliver the document afterwards, as long as no other rules apply?

In our daily business it is not necessary to send office documents with macros and if we do, we have instructed the senders to pack these documents into a password protected zip file. We also stopped the automatic execution of macros via group policy, but with the strategy to remove macros in general, we have done quite well and had no false positives so far.

>To improve protection from malware in documents, we strongly recommend purchasing ESET Dynamic Threat Defense (EDTD) which will enable ESET Mail Security to upload documents with macros and other suspicious attachments to ESET's cloud sandbox[...]

I can't automatically upload documents to a cloud or sandbox without approving or reviewing the content for data protection reasons, it could be highly sensitive data of our management. This is not an option...

[1] https://help.eset.com/emsx/7.0/en-US/idh_wizard_rule_action.html

Thx & Bye Tom

Link to comment
Share on other sites

  • Administrators

1, Mail server products enable you to create a rule to remove attachments with documents containing a macro regardless whether it's malicious or not.

2,EDTD was developed with security and privacy in mind. You have submitted files fully under control; by default documents are not submitted and submitted files are removed on EDTD servers after a specific time you can set or immediately after analysis. EDTD is fully GDPR compliant and is safe to use even by companies with stricter policies.

Link to comment
Share on other sites

Servus Marcos,

>1, Mail server products enable you to create a rule to remove attachments with documents containing a macro regardless whether it's malicious or not.

We misunderstand each other. It makes a difference whether I remove an attachment completely or remove a macro from an attachment, then deliver the attachment without macro (if no other rule apply). Removing the whole attachment is not an option. With our former AV solution this option was called 'Delete all macros detected by advanced macro scan'.

Thx & Bye Tom

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...