Learn how to create a policy in Symantec Email Security.cloud Data Protection to control macro files in Microsoft Office.
Create a policy to block restricted files
- In the Symantec.cloud portal, navigate to Services > Data Protection.
- Create a new Data Protection policy, and configure it as follows:
- Name: Monitor Office Macros
- Apply to: Inbound email only. Other options are available, which depend on the scope you desire.
- Execute if: All rules are met
- Action: Redirect to Administrator”. Other actions are available, which depends on your intended result
- Administrator email: Configure a non-production administrator email address. This must be non-production address because Data Protection policy administrators are automatically whitelisted from all Data Protection policies to avoid mail loops.
- Notifications: None
- Add a new Rule, and configure it as follows:
- Name: Office Macros
- Set it to: ANY conditions are met
- Add a new condition, Attachment MIME Type List.
- Click Create a new MIME Type List.
- Name: Office macro mime types
- The following entries are the MIMEs for macro documents:
application/vnd.ms-excel.sheet.macroEnabled.12
application/vnd.ms-excel.template.macroEnabled.12
application/vnd.ms-excel.addin.macroEnabled.12
application/vnd.ms-powerpoint.addin.macroEnabled.12
application/vnd.ms-powerpoint.presentation.macroEnabled.12
application/vnd.ms-powerpoint.slideshow.macroEnabled.12
application/vnd.ms-powerpoint.slide.macroEnabled.12
application/vnd.ms-powerpoint.template.macroEnabled.12
application/vnd.ms-word.document.macroEnabled.12
application/vnd.ms-word.template.macroEnabled.12
application/vnd.ms-excel.sheet.binary.macroEnabled.12
- Add a new condition, Attachment Filename List.
- Click Create a new filename List.
- Name: Office macro extensions files
- The following entries are the extensions for macro documents:
*.xlsm
*.xlm
*.xltm
*.xlam
*.ppam
*.pptm
*.potm
*.ppsm
*.sldm
*.docm
*.dotm
*.mam
- Click Save.
- Configure the Condition options as follows:
- Attachment filename: matches any of the filenames in the selected lists
- Click Save.
- Configure the Condition options as follows:
- Attachment MIME type: matches any of the MIME types in the selected lists
Note: This section is optional; you can implement this policy if you have a source which needs to send you these types of files. We will only add a Sender Domain list as an example, but you can add or use a Sender Group where you list email addresses instead. Data Protection occurs after the Antivirus scan. If files are detected as malicious, they'll be blocked by the Antivirus service.
- Add a new Rule, and configure it as follows:
- Name: Valid file senders
- Set it to: ANY conditions are met
- Add a new condition, Sender Domain List
- Click Create a new Domain List.
- Name: Approved file senders
- In this list add source domains deemed valid for the file restrictions above. For example:
example.com
businesspartner.example.com
- Click Save.
- Configure the Condition options as follows:
- Domain of the sender: is in none of the selected lists
Additional information