Skip to content
arrow_back
E8-RM-ML1.3
search
E8-RM-ML1.3 bolt ASD Essential Eight

Enable antivirus scanning for Microsoft Office macros

Ensure antivirus scanning is active for macros in Microsoft Office documents.

Preventative ML1 Essential EightRestrict macrosmalware
record_voice_over

Plain language

This control ensures that any macros in Microsoft Office documents are scanned by antivirus software before they run. Without this control, harmful code could execute, leading to data theft or damage, as many viruses are hidden in macros.

Framework

ASD Essential Eight

Control effect

Preventative

E8 mitigation strategy

RM

Classifications

N/A

Official last update

N/A

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML1

Official control statement

Microsoft Office macro antivirus scanning is enabled.
bolt ASD Essential Eight E8-RM-ML1.3
priority_high

Why it matters

Without Office macro antivirus scanning, malicious macros may run and lead to compromise, data loss, or disruption.

settings

Operational notes

Regularly update antivirus signatures and confirm Microsoft Office macro scanning is enabled to detect new macro-based threats.

build

Implementation tips

  • The IT team should ensure antivirus software is installed on all computers that use Microsoft Office. This is necessary to scan and catch harmful macros.
  • System administrators should configure the antivirus software to automatically scan all Microsoft Office documents, especially those containing macros, to check for viruses.
  • The security officer should verify that Microsoft Defender or another antivirus tool is set up to scan macros as soon as a document is opened.
  • IT team should regularly update the antivirus software so it can recognise the latest threats that could be hidden in macros.
  • System administrators should ensure that macro virus scanning settings are enforced via group policies to maintain consistency across all user devices.
fact_check

Audit / evidence tips

  • AskIs antivirus scanning enabled for Microsoft Office macros?

  • GoodAntivirus settings show scanning is enabled for Office macros, and policies ensure it applies to all users

  • AskHow do you ensure antivirus definitions are up to date?

  • GoodLogs indicate daily update checks, and a recent antivirus update was applied successfully

link

Cross-framework mappings

How E8-RM-ML1.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

ASD ISM

Control Notes Details
handshake Supports (2) expand_less
ISM-1417 ISM-1417 requires comprehensive antivirus on workstations and servers, including high-level detection settings, daily signature updates, ...
ISM-1969 ISM-1969 requires malicious code to be treated before storage or communication to prevent accidental execution
link Related (1) expand_less
ISM-1672 ISM-1672 requires Microsoft Office macro antivirus scanning to be enabled

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

Mapping detail

Mapping

Direction

Controls