ISM-1668 ASD Information Security Manual (ISM)

Prevent Microsoft Office from Creating Executable Files

Microsoft Office is set to not produce executable files to enhance security.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Aug 2021

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

ML2, ML3

Official control statement
Microsoft Office is blocked from creating executable content.

Source: ASD Information Security Manual (ISM)

Plain language

Microsoft Office should not create executable files because these files can contain malicious software that may damage your computer or network. By preventing Office from creating such files, you reduce the risk of malicious software spreading and protect your organisation’s data and finances.

Why it matters

Allowing Office to create executable files can enable malware dropper behaviour, leading to compromise, data exfiltration and financial loss.

Operational notes

Enforce Office policies that block executable creation. Regularly verify the settings via GPO/Intune and alert on changes, to reduce the risk of malware being dropped from Office.

Implementation tips

  • IT team should configure group policies: Set policies in your organisation's IT system to block Microsoft Office applications from saving or creating executable files. This can typically be done using Group Policy Management tools available in your IT infrastructure.
  • System administrator should update security settings: Regularly review Microsoft Office security settings to ensure the feature preventing executable file creation is active. This involves checking configuration settings and comparing them against best practice guidelines to keep your systems safe.
  • Office manager needs to educate staff: Run a quick training session with staff to explain why they shouldn't download executable files from email attachments or external sources. Use real-world examples of past incidents to underline the risks involved.
  • Procurement team to check software compatibility: Before buying new software, ensure it can operate without needing Microsoft Office to create executable files. Request vendor documentation or test the software on a safe network to confirm it functions as needed without risks.
  • Security officer should monitor for compliance: Use system tools to track and generate reports on attempts to create executable files through Office. Address any issues by investigating who attempted to create the file and why, and offer training if needed.
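
One way to carry out the settings review and the compliance monitoring described above on a single Windows endpoint. This is an added example, not taken from the ISM or from Control Stack. It assumes the control is enforced with the Microsoft Defender attack surface reduction (ASR) rule "Block Office applications from creating executable content" (the rule GUID below) and that rule hits are logged as events 1121 and 1122 in the Defender operational log; the function name and the seven-day window are choices made for the example.

```powershell
# Added example (not from the source page). Assumes the control is enforced by the
# Microsoft Defender ASR rule "Block Office applications from creating executable content".
$RuleId      = '3B576869-A4EC-4529-8536-B80A7769E899'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeExeRuleState {
    param([string[]]$Ids, [object[]]$Actions)   # parallel arrays from Get-MpPreference
    $state = 'NotConfigured'
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($Ids[$i] -ieq $RuleId) {
            $code  = [int]$Actions[$i]
            $state = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown($code)" }
        }
    }
    return $state
}

# 1. ASR rule setting as reported by Defender on this endpoint.
$pref  = Get-MpPreference
$state = Get-OfficeExeRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                                -Actions $pref.AttackSurfaceReductionRules_Actions

# 2. Rule hits in the last 7 days: event 1121 = blocked, 1122 = audited.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
}
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match $RuleId })

# 3. One record per host, suitable as dated audit evidence.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    CheckedUtc = (Get-Date).ToUniversalTime().ToString('s')
    RuleState  = $state
    Compliant  = ($state -eq 'Block')
    Hits7Days  = $hits.Count
}

# Non-zero exit lets a scheduler or management tool alert when the rule is not in Block mode.
if ($state -ne 'Block') { exit 1 }
```

A state of Audit or NotConfigured means Office can still write executable content on that host, so only Block is reported as compliant.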

Audit / evidence tips

  • Ask: the Group Policy configuration: Request documentation of the IT settings that enforce the non-creation of executable files by Microsoft Office programs

    Good: includes dated documentation showing the policy is correctly configured and regularly reviewed

  • Good: shows majority staff participation and recent training completion within the last year

  • Ask: security tool reports: Request a report from any security monitoring tools in use that track executable file creation attempts

    Good: shows no recent incidents, or documented follow-up actions on previous detections

  • Good: includes documented checks for all new software acquired in the last year

  • Ask: incident response records: Request any security incident reports where Office-created executable files were involved

    Good: will include a thorough follow-up plan showing the incident was promptly handled

Cross-framework mappings

How ISM-1668 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

E8

Partially overlaps (4)
Related (2)
