MC231204 – Antimalware Scan Interface (AMSI) integration with Office is expanding to include runtime inspection of Excel 4.0 (XLM) macros, an addition to existing support for Visual Basic for Applications (VBA). The existing default behavior for runtime inspection of VBA macros will also apply to XLM macros, providing an additional layer of security for users with Excel for Desktop on Windows.
Key points
How this will affect your organization
AMSI is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution.
When AMSI detects malicious activity, Excel first notifies the user and then terminates the application session. This intervention can stop an attack in its tracks.
In its default configuration, AMSI scans macros at runtime except in these scenarios:
When this feature is enabled, affected macro runtime performance may be affected.
What you need to do to prepare
AMSI integration is on by default in the Monthly Enterprise Channel for Excel and other Office 365 client applications.
The group policy setting Macro Runtime Scan Scope specifies which documents the VBA and XLM Runtime Scan will inspect.
Learn more
Previous Microsoft 365 Apps Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.