Block Microsoft Office from creating executable content
Prevent Microsoft Office from making executable files to stop malware.
Plain language
Blocking Microsoft Office from creating executable content is like preventing it from crafting its own tools out of thin air. This control is key because it stops malicious software hiding in your documents from turning into a bigger threat. Without it, simply opening the wrong file could give hackers a way to run harmful programs on your computer.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Application hardening
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Microsoft Office is blocked from creating executable content.
Why it matters
If Office can create executable content (e.g., scripts/EXEs), malicious documents can drop and run malware, enabling compromise and data theft.
Operational notes
Confirm Group Policy/ASR rules block Office apps from creating executable content; re-check after Office updates and test with a sample macro dropper.
Implementation tips
- System Administrator should configure Microsoft Office settings to prevent the creation of executable files by changing the group policy settings.
- IT Team needs to review existing application control policies to ensure Office applications are included, implementing rules to deny creation of executable content.
- Security Officer must train staff on safe document handling practices to reduce exposure to risky files and reinforce this control.
- IT Manager should ensure software updates and patches for Microsoft Office that address security vulnerabilities are promptly applied.
Audit / evidence tips
-
AskCan you demonstrate how Microsoft Office is prevented from creating executable content?
-
GoodThe group policy shows active settings that block executable content creation in Office applications
-
AskHow are staff trained to handle documents safely?
-
GoodRecent training materials and attendance records confirm ongoing education efforts on document security
Cross-framework mappings
How E8-AH-ML2.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.7 | E8-AH-ML2.3 requires a specific technical restriction: Microsoft Office is blocked from creating executable content | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (5) expand_less | ||
| ISM-1667 | ISM-1667 requires Microsoft Office to be blocked from creating child processes | |
| ISM-1669 | E8-AH-ML2.3 requires Microsoft Office to be blocked from creating executable content to prevent initial malware execution | |
| ISM-1672 | ISM-1672 requires Microsoft Office macro antivirus scanning to be enabled to detect malicious macro-enabled content | |
| ISM-1673 | E8-AH-ML2.3 requires Microsoft Office to be blocked from creating executable content to prevent malware establishing or running | |
| ISM-1969 | ISM-1969 requires treating malicious code prior to storage or communication to prevent accidental execution | |
| handshake Supports (1) expand_less | ||
| ISM-1542 | ISM-1542 requires Microsoft Office to be configured to prevent activation of Object Linking and Embedding (OLE) packages | |
| extension Depends on (1) expand_less | ||
| ISM-1823 | E8-AH-ML2.3 requires Microsoft Office to be blocked from creating executable content, which relies on Office security settings remaining ... | |
| link Related (1) expand_less | ||
| ISM-1668 | ISM-1668 requires Microsoft Office to be blocked from creating executable content | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.