Skip to main content

Macro Whitelisting / Enabling

Be aware Macro enabled documents pose a significant security risk to PBR systems

 

 

To enabled Macros for a user

1 - Ensure they really need the macro functionality of the document. If not then give yourself access (temporarily) to open the macro enabled document, and save the document as NOT macro enabled

2 - In AD, move the user into a Macro Enabled OU. At the time of writing the s there are 3 such OU's   

image.png

3 - In Threatlocker

Navigate to Modules, Storage Control, add new policy

Under Details give the policy a detailed name and description

image.png

Under Applies To, specify the Workstation Name (ETRB NO.)

image.png

Under Conditions, specify Read/Write & Selected File Paths

Under selected file path, specify complete file path or file extension

image.png

Under Actions ensure Permit is selected

image.png

Then click save

Finally click on Deploy Policies, in top right corner of screen (or wait for policy to automatically deploy)

image.png

Consider deactivating the policy if this is a one off requirement

 

List of devices that can run macros (apart from IT staff)

ETRB191101L - Brett Butler, Macros from Government orgs that contain macros. See #9504 for comments and info; PBR IT Helpdesk - Emerald Tourist Railway Board - ThreatLocker Storage Request for ETRB191101L ; Access to SharePoint File

ETRB220502L - Stef Straub, for opening Government documents. As per helpdesk ticket #11712  https://helpdesk.pbr.org.au/Ticket/11712. Approved by Mitch 23/05/24

 

Back to top