Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. CylancePROTECT Desktop Upgrade
  4. Upgrading to CylancePROTECT Desktop 3.x
  5. Configure and test macro detection (Windows only)

Configure and test macro detection (
Windows
 only)

There are two options available in a device policy to detect and respond to potentially dangerous macros on
Windows
 devices. The Macros option on the Script Control tab applies to
Windows
 agent 2.1.1578 and earlier. The new Exploitation > Dangerous VBA Macro option on the Memory Actions tab applies to
Windows
 agent 2.1.1580 and later. When you test your upgrade to agent 3.x, you must check your current configuration for detecting and responding to macros and configure the new Dangerous VBA Macro option accordingly.
  1. In the management console, on the menu bar, click
    Policies > Device Policy
    .
  2. Click your production device policy.
  3. On the
    Script Control
     tab, note the current configuration for macros (Alert or Block).
  4. In
    Policies > Device Policy
    , click the device policy for your test devices.
  5. On the
    Memory Actions
     tab, expand
    Exploitation
    .
  6. For the
    Dangerous VBA Macro
     violation type, set the appropriate action (Ignore, Alert, Block, or Terminate).
  7. Save the device policy.
  9. Run
    CylancePROTECT Desktop
     3.x on test devices that use files with macros that are commonly used in your organization. If necessary, add additional memory protection exclusions for safe macros. For instructions and guidance, see Memory Protection in the
    Cylance Endpoint Security
     setup content.