Solved

Auto scan of Microsoft Office files


Does Webroot automatically scan Microsoft Office files when opened and/or downloaded for issues like Macro viruses?  Is there a setting in the management console for turning this feature on or off?  I'd like to turn it on if it is not the default.
icon

Best answer by JesseBropez 2 August 2017, 23:17

Hello Karlsou,
 
Welcome to the Webroot community!
 
Webroot will only scan and detect files that are of the portable executable file type. Portable Executable (PE) file types usually have the following extensions: .exe, .com, .dll, .sys, and .scr.  For all other file types, such as macro enabled documents (.doc/.docm/.docx), Webroot incorporates detection on a case by case basis, if a file is found to do harm on its own. 
 
The current Threat landscape dictates that most non-PE files seen today, such as the macro enabled word documents, are simply used as an aid to drop/download malicious executable files (PE) on to a victim’s machine – it is the detection and blocking of these malicious executable files Webroot continues to focus on with great success.
 
Regardless of the security solution you use to scan macro documents, we've found that cybercriminals often re-obfuscate them, in order to prevent security solutions from effective detection. We instead recommend focusing on using a GPO (Group Policy) or changing the trust center settings in Office to prevent all macro documents from being run. To find steps to achieve this, we recommend reading our Ransomware Prevention Guide. You will find specific instructions to prevent execution of macros in Step 2: Disable Macro Execution.
 
I hope this answers the questions you have and thank you!
 
Regards,
Jesse L.
The Webroot Advanced Malware Removal Team
 
View original

1 reply

Hello Karlsou,
 
Welcome to the Webroot community!
 
Webroot will only scan and detect files that are of the portable executable file type. Portable Executable (PE) file types usually have the following extensions: .exe, .com, .dll, .sys, and .scr.  For all other file types, such as macro enabled documents (.doc/.docm/.docx), Webroot incorporates detection on a case by case basis, if a file is found to do harm on its own. 
 
The current Threat landscape dictates that most non-PE files seen today, such as the macro enabled word documents, are simply used as an aid to drop/download malicious executable files (PE) on to a victim’s machine – it is the detection and blocking of these malicious executable files Webroot continues to focus on with great success.
 
Regardless of the security solution you use to scan macro documents, we've found that cybercriminals often re-obfuscate them, in order to prevent security solutions from effective detection. We instead recommend focusing on using a GPO (Group Policy) or changing the trust center settings in Office to prevent all macro documents from being run. To find steps to achieve this, we recommend reading our Ransomware Prevention Guide. You will find specific instructions to prevent execution of macros in Step 2: Disable Macro Execution.
 
I hope this answers the questions you have and thank you!
 
Regards,
Jesse L.
The Webroot Advanced Malware Removal Team
 

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings