- Jul 3, 2015
Thanks, Andy.The system-wide H_C option <Documents Anti-Exploit> set to 'Adobe + VBA' is a very strong mitigation, and it will block any attempts to use VBA code in MS Office applications. It is much stronger than blocking macros in MS Office documents. Usually, the users do not need VBA in MS Office, unless they need the automation macros in templates, Add-ins, etc. In such a case, the system-wide H_C option <Documents Anti-Exploit> should be set to 'Adobe'. Next, MS Office hardening can be done via Switch Default-Deny >> Documents Anti-Exploit . This hardening is valid only for the current account, so it should be done on all user accounts that use MS Office.
My favorite Word add-on is SaveReminder, because it can be configured to force Word to do a full save of the open document every X number of minutes. If Word doesn't do a full save, Cloud syncing services such as Dropbox will not be able to sync changes to the open doc. They will sync changes only when you close the doc, or remember to hit the save button.
If anyone can think of another way to do this, I would be happy to get rid of the add-on.
I experimented with the new "Automatically save" feature in Office 365, it is enabled if your docs are in OneDrive. It regularly syncs changes in open documents.
It's pretty good, but if you are using a free OneDrive account, it won't help you recover from ransomware. This is because a free OneDrive will only keep past versions for a file in Office format. Once the file extension changes, OneDrive no longer recognizes it as an Office doc, and the past versions are lost.