Block Office Files with Macro's
We are getting numerous malware attacks with zero hour Office files containing malicious Macro's, these are often blocked within 60-90 minutes but some are still being received by users. The signature is changing regularly so they aren't picked up by your scanners despite the original virus being around 12 months old.
We do educate the users not to open them and Macro's are disabled, but blocking the content at the gateway would be better.
Some of this functionality was available in Forefront for Exchange.
Erik Solem commented
Essentially all office files and PDF that contain custom code should be detected in EOP and then allow rule-based handling. I want to be able to block all office files and PDFs with custom code that is received from external senders.
It would be good if we could add a transport rule to Exchange Online that blocks email attachments that contain macros (similar to the rule that blocks executable content)
Scott Turner commented
Blocking these files via GPO is not sufficient - that requires all machines be subscribed to the domain policy, and frankly, while that is optimal, it's not realistic.
Charley Money commented
For both windows and Mac