Microsoft adds Antivirus to Office Apps to tackle macro malware

Microsoft has integrated all the Office apps with Antivirus to prevent macro malware attacks. The company is using Antimalware Scan Interface (AMSI) to tackle VBA macros embedded in documents.

Recently, we reported how hackers used Microsoft Excel Documents to carry out CHAINSHOT Malware Attack. These types of attacks are getting common and allow hackers to gain easy access to the victim’s computer. The new AMSI interface is already being added by various Antivirus companies to prevent attacks via malicious JavaScript, VBScript, and PowerShell.

When a potentially high-risk function or method (a trigger; for example, CreateProcess or ShellExecute) is invoked, Office halts the execution of the macro and requests a scan of the macro behavior logged up to that moment, via the AMSI interface.

– Microsoft

Microsoft future notes that the solution might not be perfect but it’s better to have nothing. That said since Microsoft is using ATP and Windows Defender, the results can be shared and can block new threats. The Office AMSI integration is turned on by default in all Office 365 applications that support VBA macros, including Word, Excel, PowerPoint, and Outlook. Microsoft will scan all the Macros unless they’re signed by a trusted party or they’re opened in a trusted location.