Configure and test macro detection Skip Navigation

Configure and test macro detection

There are two options available in a device policy to detect and respond to potentially dangerous macros on
Windows
devices. The Macros option on the Script Control tab applies to
Windows
agent 2.1.1578 and earlier. The new Exploitation > Dangerous VBA Macro option on the Memory Actions tab applies to
Windows
agent 2.1.1580 and later. When you test your upgrade to agent 3.x, you must check your current configuration for detecting and responding to macros and configure the new Dangerous VBA Macro option accordingly.
  1. In the management console, on the menu bar, click
    Policies > Device Policy
    .
  2. Click your production device policy.
  3. On the
    Script Control
    tab, note the current configuration for macros (Alert or Block).
  4. In
    Policies > Device Policy
    , click the device policy for your test devices.
  5. On the
    Memory Actions
    tab, expand
    Exploitation
    .
  6. For the
    Dangerous VBA Macro
    violation type, set the appropriate action (Ignore, Alert, Block, or Terminate).
  7. Save the device policy.
  8. Run
    CylancePROTECT Desktop
    3.x on test devices that use files with macros that are commonly used in your organization. If necessary, add additional memory protection exclusions for safe macros. For instructions and guidance, see Memory Protection in the
    Cylance Endpoint Security
    setup content.