The scanning of encrypted macros in open XML documents must be enforced.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71015	DTOO142	SV-85639r1_rule		Medium

Description
This policy setting controls whether encrypted macros in Open XML workbooks be are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may choose one of these options:- Scan encrypted macros: encrypted macros are disabled unless anti-virus software is installed. Encrypted macros are scanned by your anti-virus software when you attempt to open an encrypted workbook that contains macros.- Scan if anti-virus software available: if anti-virus software is installed, scan the encrypted macros first before allowing them to load. If anti-virus software is not available, allow encrypted macros to load.- Load macros without scanning: do not check for anti-virus software and allow macros to be loaded in an encrypted file. If you disable or do not configure this policy setting, the behavior will be similar to the "Scan encrypted macros" option.

Description

This policy setting controls whether encrypted macros in Open XML workbooks be are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may choose one of these options:- Scan encrypted macros: encrypted macros are disabled unless anti-virus software is installed. Encrypted macros are scanned by your anti-virus software when you attempt to open an encrypted workbook that contains macros.- Scan if anti-virus software available: if anti-virus software is installed, scan the encrypted macros first before allowing them to load. If anti-virus software is not available, allow encrypted macros to load.- Load macros without scanning: do not check for anti-virus software and allow macros to be loaded in an encrypted file. If you disable or do not configure this policy setting, the behavior will be similar to the "Scan encrypted macros" option.

STIG	Date
Microsoft Excel 2016 Security Technical Implementation Guide	2017-09-19

Details

Check Text ( C-71443r3_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security "Scan encrypted macros in Excel Open XML workbooks" is set to "Disabled". The option 'Enabled: Scan encrypted macros (default)' is also an acceptable value. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\excel\security Criteria: If the value ExcelBypassEncryptedMacroScan does not exist, this is not a finding. If the value is REG_DWORD = 0, this is not a finding.

Check Text ( C-71443r3_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security "Scan encrypted macros in Excel Open XML workbooks" is set to "Disabled". The option 'Enabled: Scan encrypted macros (default)' is also an acceptable value.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\excel\security

Criteria: If the value ExcelBypassEncryptedMacroScan does not exist, this is not a finding. If the value is REG_DWORD = 0, this is not a finding.

Fix Text (F-77347r2_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security "Scan encrypted macros in Excel Open XML workbooks" to "Disabled".