Free DISA STIG and SRG Library | Vaulted
Removed

V-223381

Encrypted macros in PowerPoint Open XML presentations must be scanned.

Finding ID
O365-PT-000005
Rule ID
SV-223381r508019_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000210
CCI
CCI-001170
Target Key
(None)
Documentable
No
Discussion

This policy setting controls whether encrypted macros in Open XML presentations are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may choose one of these options: - Scan encrypted macros: Encrypted macros are disabled unless anti-virus software is installed. Encrypted macros are scanned by your anti-virus software when you attempt to open an encrypted presentation that contains macros. - Scan if anti-virus software available: If anti-virus software is installed, scan the encrypted macros first before allowing them to load. If anti-virus software is not available, allow encrypted macros to load. - Load macros without scanning: Do not check for anti-virus software and allow macros to be loaded in an encrypted file. If you disable or do not configure this policy setting, the behavior will be similar to the "Scan encrypted macros" option.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft PowerPoint 2016 >> PowerPoint Options >> Security "Scan encrypted macros in PowerPoint Open XML presentations" to "Enabled" and "Scan encrypted macros".

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft PowerPoint 2016 >> PowerPoint Options >> Security "Scan encrypted macros in PowerPoint Open XML presentations" is set to "Enabled" and "Scan encrypted macros". Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\PowerPoint\security If the value PowerPointBypassEncryptedMacroScan does not exist, this is not a finding. If the value is REG_DWORD = 0, this is not a finding.