Details
This policy setting controls whether encrypted macros in Open XML workbooks be are required to be scanned with anti-virus software before being opened. The recommended state for this setting is: Enable d. (Scan encrypted macros (default)) When an Office Open XML workbook is rights-managed or password-protected, any macros that are embedded in the workbook are encrypted along with the rest of the workbook#x2019;s contents. By default, these encrypted macros will be disabled unless they are scanned by antivirus software immediately before being loaded. If this default configuration is modified, Excel will not require encrypted macros to be scanned before loading. Excel will handle them as specified by the Office System macro security settings, which can cause macro viruses to load undetected and lead to data loss or reduced application functionality.
Solution
To implement the recommended configuration state, set the following Group Policy setting to Enabled. User ConfigurationAdministrative TemplatesMicrosoft Excel 2016Excel OptionsSecurityScan Encrypted Macros in Excel Open XML Workbooks Impact: Disabling this setting enforces the default configuration in Excel, and is therefore unlikely to cause usability issues for most users.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.