Enable antivirus scanning for Microsoft Office macros
Ensure antivirus scanning is active for macros in Microsoft Office documents.
Plain language
This control ensures that any macros in Microsoft Office documents are scanned by antivirus software before they run. Without this control, harmful code could execute, leading to data theft or damage, as many viruses are hidden in macros.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
RM
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1
Official control statement
Microsoft Office macro antivirus scanning is enabled.
Why it matters
Without Office macro antivirus scanning, malicious macros may run and lead to compromise, data loss, or disruption.
Operational notes
Regularly update antivirus signatures and confirm Microsoft Office macro scanning is enabled to detect new macro-based threats.
Implementation tips
- The IT team should ensure antivirus software is installed on all computers that use Microsoft Office. This is necessary to scan and catch harmful macros.
- System administrators should configure the antivirus software to automatically scan all Microsoft Office documents, especially those containing macros, to check for viruses.
- The security officer should verify that Microsoft Defender or another antivirus tool is set up to scan macros as soon as a document is opened.
- IT team should regularly update the antivirus software so it can recognise the latest threats that could be hidden in macros.
- System administrators should ensure that macro virus scanning settings are enforced via group policies to maintain consistency across all user devices.
Audit / evidence tips
-
AskIs antivirus scanning enabled for Microsoft Office macros?
-
GoodAntivirus settings show scanning is enabled for Office macros, and policies ensure it applies to all users
-
AskHow do you ensure antivirus definitions are up to date?
-
GoodLogs indicate daily update checks, and a recent antivirus update was applied successfully
Cross-framework mappings
How E8-RM-ML1.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| ISM-1417 | ISM-1417 requires comprehensive antivirus on workstations and servers, including high-level detection settings, daily signature updates, ... | |
| ISM-1969 | ISM-1969 requires malicious code to be treated before storage or communication to prevent accidental execution | |
| link Related (1) expand_less | ||
| ISM-1672 | ISM-1672 requires Microsoft Office macro antivirus scanning to be enabled | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.