Skip Navigation

Manage Memory Protection Alerts and Exclusions for Dangerous VBA Macro Scripts

Nine simple steps to exclude scripts from memory protection alerts or blocks with CylancePROTECT Desktop

Device policy option under policies tab

1) Click Policies > Device Policy

Add New Policy button

2) Choose an existing device policy or add a new one

Memory actions tab with memory protection check box selected

3) On the Memory Actions tab, enable Memory Protection

Dangerous VBA macro set to be blocked

4) Under Exploitation (Violation Type), set Dangerous VBA Macro to Alert or Block

When you select Alert, violations are reported to the console and the macros are allowed to run. When you select Block, the violation is reported and the macros are prevented from running.

Add exclusion button

5)  Click Add Exclusion

When you add exclusions, you are allowing specific files to run on the endpoint without the need to report violations to the console.

6) Type in the file path you want to exclude

For example, exclude \Work\Scripts

In this example, a script located in the C:\Work\Scripts folder and any of its subfolders is allowed to run.

7) Select Ignore Specific Violation Types

Dangerous VBA macro check box

8) Select Dangerous VBA Macro and click Save 

Policy with exclusion added

9) That’s it!

You have successfully excluded scripts from being alerted to (or blocked by) CylancePROTECT Desktop when a Dangerous VBA Macro violation is detected. Users that are assigned this device policy would have the exclusions applied to their devices.

For more information about Memory Protection, see the Cylance Endpoint Security Setup Guide.