Prevent Microsoft Office from Creating Executable Files
Microsoft Office is set to not produce executable files to enhance security.
Plain language
Microsoft Office should not create executable files because these files can contain harmful software that may damage your computer or network. By preventing Office from creating such files, you reduce the risk of malicious software spreading and protect your organisation’s data and finances.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2, ML3
Guideline
Guidelines for system hardening
Section
User application hardening
Official control statement
Microsoft Office is blocked from creating executable content.
Why it matters
Allowing Office to create executable files can enable malware dropper behaviour, leading to compromise, data exfiltration and financial loss.
Operational notes
Enforce Office policies that block executable creation; regularly verify settings via GPO/Intune and alert on changes to reduce malware dropped from Office.
Implementation tips
- IT team should configure group policies: Set policies in your organisation's IT system to block Microsoft Office applications from saving or creating executable files. This can typically be done using Group Policy Management tools available in your IT infrastructure.
- System administrator should update security settings: Regularly review Microsoft Office security settings to ensure the feature preventing executable file creation is active. This involves checking configuration settings and comparing them against best practice guidelines to keep your systems safe.
- Office manager needs to educate staff: Run a quick training session with staff to explain why they shouldn't download executable files from email attachments or external sources. Use real-world examples of past incidents to underline the risks involved.
- Procurement team to check software compatibility: Before buying new software, ensure it can operate without needing Microsoft Office to create executable files. Request vendor documentation or test the software on a safe network to confirm it functions as needed without risks.
- Security officer should monitor for compliance: Use system tools to track and generate reports on attempts to create executable files through Office. Address any issues by investigating who attempted to create the file and why, and offer training if needed.
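One way to carry out the "regularly verify settings" and monitoring steps above on a Windows endpoint, as an added example that is not part of the control text. It assumes the control is enforced through the Microsoft Defender attack surface reduction (ASR) rule "Block Office applications from creating executable content"; the function name `Get-OfficeExeRuleState` is hypothetical.

```powershell
# Added example: audit the Defender ASR rule assumed to implement this control.
# GUID of the ASR rule "Block Office applications from creating executable content".
$RuleId = '3B576869-A4EC-4529-8536-B80A7769E899'

# ASR action codes as reported by Get-MpPreference.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeExeRuleState {
    param(
        [string[]]$Ids,
        [int[]]$Actions
    )
    # Ids and Actions are parallel arrays; compare the GUID case-insensitively.
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($Ids[$i] -ieq $RuleId) {
            $code = $Actions[$i]
            $name = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown($code)" }
            # Only Block mode satisfies "blocked from creating executable content".
            return [pscustomobject]@{ RuleId = $RuleId; Action = $name; Compliant = ($code -eq 1) }
        }
    }
    # Rule missing from the list: it is not configured on this host.
    [pscustomobject]@{ RuleId = $RuleId; Action = 'NotConfigured'; Compliant = $false }
}

# 1. Effective setting on this host (after GPO/Intune has applied).
$pref  = Get-MpPreference
$state = Get-OfficeExeRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                                -Actions $pref.AttackSurfaceReductionRules_Actions
$state | Format-List

# 2. Recent hits on the rule: event 1121 = blocked, 1122 = audited.
#    The 7-day window is an assumption; match it to your review cycle.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue | Where-Object { $_.Message -match $RuleId }

$events | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or compliance script flag the host.
if (-not $state.Compliant) { exit 1 }
```

Audit or Warn mode is reported as non-compliant here because neither blocks the file from being written.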
Audit / evidence tips
- Ask: the Group Policy configuration. Request documentation of the IT settings that enforce the non-creation of executable files by Microsoft Office programs.
  Good: includes dated documentation showing the policy is correctly configured and regularly reviewed.
- Good: shows majority staff participation and recent training completion within the last year.
- Ask: security tool reports. Request a report from any security monitoring tools in use that track executable file creation attempts.
  Good: consists of no recent incidents or documented follow-up actions on previous detections.
- Good: includes documented checks for all new software acquired in the last year.
- Ask: incident response records. Request any security incident reports where Office-created executable files were involved.
  Good: will include a thorough follow-up plan showing the incident was promptly handled.
Cross-framework mappings
How ISM-1668 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (4) | | |
| Related (2) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.