Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Office 365 ProPlus Security Technical Implementation Guide
SRG-APP-000210
The Macro Runtime Scan Scope must be enabled for all documents.
The Macro Runtime Scan Scope must be enabled for all documents.
An XCCDF Rule
Details
Profiles
Prose
The Macro Runtime Scan Scope must be enabled for all documents.
Medium Severity
<VulnDiscussion>This policy setting specifies for which documents the VBA Runtime Scan feature is enabled. If the feature is disabled for all documents, no runtime scanning of enabled macros will be performed. If the feature is enabled for low trust documents, the feature will be enabled for all documents for which macros are enabled except: - Documents opened while macro security settings are set to "Enable All Macros" - Documents opened from a Trusted Location - Documents that are Trusted Documents - Documents that contain VBA that is digitally signed by a Trusted Publisher If the feature is enabled for all documents, then the above class of documents are not excluded from the behavior. This protocol allows the VBA runtime to report to the Anti-Virus system certain high-risk code behaviors it is about to execute and allows the Anti-Virus to report back to the process if the sequence of observed behaviors indicates likely malicious activity so the Office application can take appropriate action. When this feature is enabled, affected VBA projects' runtime performance may be reduced.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>