sypqys configuration 2024
<blockquote data-quote="Andy Ful" data-source="post: 985132" data-attributes="member: 32260"><p>What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?</p><p>Do the original documents work differently after disabling H_C restrictions?</p><p></p><p></p><p></p><p>Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.</p><p>I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:</p><ol> <li data-xf-list-type="ol">Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.<br /> This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.</li> <li data-xf-list-type="ol">You can still open your documents by opening the MS Office application and using File >> Open from the application menu.</li> <li data-xf-list-type="ol">If you must edit an unsafe document, then do not do it at once. 
Check it online and if it looks clean, then open it in MS Office after one or more days.</li> <li data-xf-list-type="ol">You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.</li> <li data-xf-list-type="ol">Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.</li> <li data-xf-list-type="ol">Learn to recognize phishing attempts.</li> </ol><p>Be safe. (y)</p></blockquote><p></p>
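The "Defender with ASR rules" item in the quoted post, as an added example that is not part of the post and not code from H_C: a PowerShell sketch that reports and sets the Office-related Attack Surface Reduction rules. It assumes Microsoft Defender Antivirus is the active AV and an elevated prompt; the rule GUIDs are the IDs Microsoft publishes for these rules, and the function names `Get-OfficeAsrState` and `Set-OfficeAsrMode` are hypothetical.

```powershell
# Added example. Office-related ASR rules (GUIDs as published in Microsoft's ASR rule reference).
$officeRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF4-BB93-3EEFDBE9BCC9' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-2EDF-4770-BE78-5E58EE9B2E7F' = 'Block Win32 API calls from Office macros'
}
# Numeric action values as returned by Get-MpPreference.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeAsrState {
    # Report the current mode of each Office rule; rules absent from the list are "Not configured".
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($id in $officeRules.Keys) {
        $state = 'Not configured'
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -ieq $id) { $state = $actionNames[[int]$actions[$i]] }
        }
        [pscustomobject]@{ Rule = $officeRules[$id]; Id = $id; State = $state }
    }
}

function Set-OfficeAsrMode {
    # AuditMode only logs what would have been blocked; Enabled blocks.
    param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')
    foreach ($id in $officeRules.Keys) {
        # Add-MpPreference changes only the named rule and leaves other configured rules alone.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}

Get-OfficeAsrState | Format-Table -AutoSize   # state before the change
Set-OfficeAsrMode -Mode AuditMode             # start in audit, then review the log
Get-OfficeAsrState | Format-Table -AutoSize   # state after the change

# Audit hits are event ID 1122 and blocks are 1121 in the Defender operational log.
Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' -MaxEvents 200 |
    Where-Object { $_.Id -in 1121, 1122 } |
    Select-Object TimeCreated, Id, Message
```

Running in audit mode first shows which macro-enabled documents would be affected before switching the same rules to `Enabled`.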