Block or restrict macro-enabled files with Data Protection policies

Article ID: 178926

Updated On:

Products

Email Security.cloud

Issue/Introduction

 

Resolution

Learn how to create a policy in Symantec Email Security.cloud Data Protection to control macro files in Microsoft Office.

Create a policy to block restricted files

  1. In the Symantec.cloud portal, navigate to Services > Data Protection.
  2. Create a new Data Protection policy, and configure it as follows:
    • Name: Monitor Office Macros
    • Apply to: Inbound email only. Other options are available, which depend on the scope you desire.
    • Execute if: All rules are met
    • Action: Redirect to Administrator. Other actions are available, which depend on your intended result.
    • Administrator email: Configure a non-production administrator email address. This must be a non-production address because Data Protection policy administrators are automatically whitelisted from all Data Protection policies to avoid mail loops.
    • Notifications: None
       
  3. Add a new Rule, and configure it as follows:
    • Name: Office Macros
    • Set it to: ANY conditions are met
       
    1. Add a new condition, Attachment MIME Type List.
      • Click Create a new MIME Type List.
      • Name: Office macro mime types
      • The following entries are the MIMEs for macro documents:

        application/vnd.ms-excel.sheet.macroEnabled.12
        application/vnd.ms-excel.template.macroEnabled.12
        application/vnd.ms-excel.addin.macroEnabled.12
        application/vnd.ms-powerpoint.addin.macroEnabled.12
        application/vnd.ms-powerpoint.presentation.macroEnabled.12
        application/vnd.ms-powerpoint.slideshow.macroEnabled.12
        application/vnd.ms-powerpoint.slide.macroEnabled.12
        application/vnd.ms-powerpoint.template.macroEnabled.12
        application/vnd.ms-word.document.macroEnabled.12
        application/vnd.ms-word.template.macroEnabled.12
        application/vnd.ms-excel.sheet.binary.macroEnabled.12
         
    2. Add a new condition, Attachment Filename List.
      • Click Create a new filename List.
      • Name: Office macro extensions files
      • The following entries are the extensions for macro documents:

        *.xlsm
        *.xlm
        *.xltm
        *.xlam
        *.ppam
        *.pptm
        *.potm
        *.ppsm
        *.sldm
        *.docm
        *.dotm
        *.mam
         
      • Click Save.
      • Configure the Condition options as follows:
        • Attachment filename: matches any of the filenames in the selected lists
    3. Click Save.
    4. Configure the Condition options as follows:
      • Attachment MIME type: matches any of the MIME types in the selected lists

Note: This section is optional. Implement it if you have a source that needs to send you these types of files. This example adds only a Sender Domain list, but you can add or use a Sender Group that lists email addresses instead. Data Protection occurs after the Antivirus scan. If files are detected as malicious, they are blocked by the Antivirus service.

  1. Add a new Rule, and configure it as follows:
    • Name: Valid file senders
    • Set it to: ANY conditions are met
       
    1. Add a new condition, Sender Domain List.
      • Click Create a new Domain List.
      • Name: Approved file senders
      • In this list add source domains deemed valid for the file restrictions above. For example:

        example.com
        businesspartner.net
         
      • Click Save.
      • Configure the Condition options as follows:
        • Domain of the sender: is in none of the selected lists
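
The following Python sketch is an added example, not Symantec code and not part of the original article. It models the decision logic configured above so you can reason about which test messages the policy should redirect before you send them through the service. The function names, the use of the From header as the sender, and case-insensitive matching are assumptions; the MIME types, filename patterns and domains are the article's lists.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from fnmatch import fnmatch

# MIME types and filename patterns from the article's two lists (lowercased for comparison).
MACRO_MIME = {f"application/vnd.ms-{kind}.macroenabled.12" for kind in (
    "excel.sheet", "excel.template", "excel.addin", "excel.sheet.binary",
    "powerpoint.addin", "powerpoint.presentation", "powerpoint.slideshow",
    "powerpoint.slide", "powerpoint.template", "word.document", "word.template")}
MACRO_NAMES = ("*.xlsm *.xlm *.xltm *.xlam *.ppam *.pptm "
               "*.potm *.ppsm *.sldm *.docm *.dotm *.mam").split()
APPROVED_DOMAINS = {"example.com", "businesspartner.net"}  # the article's example list

def macro_attachments(msg):
    """Rule 'Office Macros': ANY condition met (MIME type OR filename)."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if (part.get_content_type() in MACRO_MIME
                or any(fnmatch(name, pat) for pat in MACRO_NAMES)):
            hits.append(name)
    return hits

def sender_outside_approved(msg):
    """Rule 'Valid file senders': sender domain is in none of the lists."""
    address = parseaddr(str(msg["From"]))[1]  # assumption: From header is the sender
    return address.rpartition("@")[2].lower() not in APPROVED_DOMAINS

def policy_action(msg):
    """Policy 'Execute if: All rules are met': redirect, otherwise deliver."""
    if macro_attachments(msg) and sender_outside_approved(msg):
        return "redirect-to-administrator"
    return "deliver"

def sample(sender, filename, subtype):
    """Constructed test message with one placeholder attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "user@recipient.invalid"
    msg.set_content("constructed test message")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype=subtype, filename=filename)
    return msg

if __name__ == "__main__":
    for s, f, t in [("a@sender.invalid", "Report.XLSM", "octet-stream"),
                    ("pat@businesspartner.net", "budget.xlsm", "octet-stream")]:
        print(s, f, policy_action(sample(s, f, t)))
```

The first sample shows why the rule is set to ANY: an attachment labelled with a generic MIME type is still caught by the filename list.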
           

Additional information