Skip to main content

Macro Whitelisting / Enabling

Be aware Macro enabled documents pose a significant security risk to PBR systems

For details of what's blocked by Group Policy refer: GPO Macro Blocking

For details of what's blocked by Threatlocker Refer: Macros Disabled in Threatlocker

Note: Macro enabled documents can be opened in web browser from SharePoint, but macro functionality is disabled by default. This is not a PBR rule or policy, its just how it works from Microsoft 

 

To enable users to open a Macro enabled document

1 - Ensure they really need the macro functionality of the document. If not then give yourself access (temporarily) to open the macro enabled document, and save the document as NOT macro enabled

2 - In AD, move the user into a Macro Enabled OU. At the time of writing the s there are 3 such OU's   

image.png

3 - In Threatlocker

Navigate to Modules, Storage Control, add new policy

Under Details give the policy a detailed name and description

Under Applies To, specify the Workstation Name (ETRB NO.)

image.pngimage.png

Under Conditions, specify Read/Write & Selected File Paths

Under selected file path, specify complete file path or file extension

image.png

Under Actions ensure Permit is selected

image.png

Then click save

Finally click on Deploy Policies, in top right corner of screen (or wait for policy to automatically deploy)

image.png

Consider deactivating the policy if this is a one off requirement

List of devices that can open Excel Macro enabled worksheets (apart from IT staff)

Active

ETRB220502L - Stef Straub, for opening Government documents. See ticket #11712  https://helpdesk.pbr.org.au/Ticket/11712. Approved by Mitch 23/05/24

ETRB220103L - Sarah Strickland, for opening Government documents. See ticket #16301 https://helpdesk.pbr.org.au/Ticket/16301.

Inactive

ETRB230301L - Rob Reed, for temporarily opening of Word 2.0 Docs from Vault. See Ticket #17794 - Deactivated 26/08/24 https://helpdesk.pbr.org.au/Ticket/17794   -

ETRB191101L - Brett Butler, Macros from Government orgs that contain macros. See #9504 for comments and info; PBR IT Helpdesk - Emerald Tourist Railway Board - ThreatLocker Storage Request for ETRB191101L ; Access to SharePoint File Deactivated 26/08/24

No Comments
Back to top