Enable Antivirus Scanning for Office Macros
Ensure Microsoft Office is set to scan macros for viruses to protect against malware.
Plain language
Having Microsoft Office scan macros for viruses is crucial because macros can be used by hackers to sneak viruses into your computer. If this isn't done, these hidden viruses could steal important information or cause serious disruption to your business operations.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1, ML2, ML3
Guideline
Guidelines for system hardening
Section
User application hardening
Topic
Microsoft Office Macros
Official control statement
Microsoft Office macro antivirus scanning is enabled.
Why it matters
If Office macros aren’t scanned for viruses, macro malware can execute, causing credential theft, data loss or disruption.
Operational notes
Confirm Office macro antivirus scanning is enabled in AV/EDR policy; test with a macro sample and monitor detections.
Implementation tips
- IT team should check Office settings: Verify that Microsoft Office is configured to scan all macros. This can be done by going into the settings of each Office application, such as Word or Excel, and ensuring that macro security settings are set to the highest level.
- Office manager to educate staff: Ensure that all staff members understand the risks of macros by conducting a brief training session. Explain how a macro can be a potential threat and show them where to find macro settings in Office applications so they can check these easily.
- System owner to monitor configurations: Regularly review and maintain the settings to ensure they haven't reverted or been changed. This may involve scheduling checks every month or using monitoring tools to alert the IT team if settings are altered.
- Procurement team to ensure software version: Confirm that all systems are running up-to-date versions of Microsoft Office that include the necessary security options to scan macros. This could involve maintaining a list of licences and checking vendor notifications for updates.
- IT support to set group policies: Implement group policies that automatically enforce macro scanning settings across all Office applications. This ensures that even if someone tries to bypass the settings, the system will revert to secure defaults automatically.
Audit / evidence tips
- Ask: configuration reports. Request reports or screenshots showing macro security settings from each Office application.
  Good: a report with screenshots from all relevant applications showing correct configurations.
- Ask: training attendance records. Request records of employee training sessions on macros and their risks.
  Good: a list of all staff members with completion dates and training materials attached.
- Ask: version logs. Request logs or documentation showing the versions of Microsoft Office in use across the organisation.
  Good: a log showing all systems with the latest allowed versions listed.
- Ask: change monitoring alerts. Request evidence of alerts or logs that show when configurations are changed.
  Good: a log or alert history indicating no unauthorised changes.
- Ask: group policy configurations. Request details of group policies applied to manage macro settings.
  Good: documentation showing the policy is active and enforceable.
Cross-framework mappings
How ISM-1672 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.7 | ISM-1672 requires a specific malware protection configuration: enabling antivirus scanning for Microsoft Office macros | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (3) | | |
| Supports (2) | | |
| Related (1) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.