MS Office Policy Settings
[Policy] > [Basic Decontamination Policy] > [MS Office] Settings
The MS Office tab is specialized for Microsoft Office documents such as Word, Excel, and PowerPoint.DecontaminationDefines the policy.
This setting is a security threat element that can be included in the document (Macro, OLEobject,ActiveXYou can finely adjust whether to remove or keep items such as these.
⚠️ The permission to set the basic de-identification policy is granted to [Administrator Type - System Administrator], and
Administrator permission settings can be configured in [Administrator Settings] > [Account and Permission Management].
Detailed Description of Settings Items
| Policy Name | Description |
|---|---|
| Object Deletion Settings in Document | Set whether to remove OLE objects (images, shapes, charts, etc.) included in MS Office documents. --- OLE (Object Linking and Embedding) is a feature that allows you to insert or link objects from other programs within a document. There is a risk of executing malicious code as external programs can be run through OLE objects. |
| Object Specification Settings to Maintain Within the Document | Specifies the type of OLE object to keep without deleting when using "Document Object Deletion Settings". Pbrush, Picture is fundamentally classified as a graphic object and maintenance is recommended. Input example) Pbrush;Picture; --- Objects in the document (e.g., images, shapes, charts, OLE objects, etc.) are various visual or functional elements included in the document. This setting allows you to maintain specific objects to maximize consistency within the document. |
| Document Macro Processing Settings | Set whether to remove VBA (Visual Basic for Applications) macros included in MS Office documents. VBA macros are codes that automatically run when a document is opened, and they are a major pathway for the execution of malicious code. |
| Remove DDEAUTO Setting in Document | Set whether to remove the automatic data connection feature between documents, DDEAUTO (Dynamic Data Exchange Automatic Update). DDEAUTO is considered a security threat as it can automatically execute external programs when a document is opened. |
| Remove ActiveX Control Settings in Document | Sets whether to remove ActiveX controls included in the document. ActiveX controls are executable objects such as buttons and checkboxes, and they are considered a security threat due to the possibility of executing external code. |
| Setting ActiveX Content to be Maintained in the Document | Specify the name of the ActiveX control to exclude from the removal target. PictureFrame is primarily classified as an image object and maintenance is recommended. Input Example) PictureFrame; |
| Blocking settings for documents from versions prior to MS Office 97 | Set whether to import legacy documents saved in formats prior to MS Office 97. Older document formats such as Word 6.0 and Excel 95 are considered security threats due to their weak document structure and numerous known security vulnerabilities. |
| Setting to Remove OLE External Links in Document | Set whether to remove OLE external links included in the document. OLE external links are considered a security threat as they can automatically reference or execute external files or links when the document is opened. |
| Remove Hyperlink Settings in Document | Set whether to remove hyperlinks included in the document. Hyperlinks can lead to malicious sites or pose security threats through external connections. |
Input Rules and Precautions
- Input when specifying objects or ActiveX content is
세미콜론(;)divided by,It is case-sensitive.. - 'Specify objects to retain in the document' or 'Specify ActiveX content to retain' refers to each removal setting that is
ONIt only applies when. - Files prior to MS Office 97 are structurally unstable and have a high potential for containing malware, soRecommended to blockdoes.
- Removing hyperlinks and OLE links is advantageous for security as they can introduce malicious files through external paths.
Notes
| Terminology | Definition | Security Threats | example |
|---|---|---|---|
| OLE (Object Linking and Embedding) | Another document or file within the documentInsert or Linkfunction | The inserted executable file or object isAutomatically run when opening the documentcan perform malicious actions | Included in the Word document.exe, Excel file |
| VBA (Visual Basic for Applications) | Used in MS OfficeMacro Programming Language | Malicious VBA code can execute automatically and affect the system. | Excel Macro Button, Automated Processing Script |
| Macro (Macro) | Automating repetitive tasksCommand Collection Mostly written in VBA | Malware can operate without the user's knowledge during execution. | Execute command upon document opening |
| DDEAUTO (Dynamic Data Exchange Auto) | Data between documentsAutomatic synchronizationfunction | Malicious scripts or commands can be executed through external documents. | Automatically Reflecting Data from External Word Documents in Excel |
| ActiveX | For feature extension within the documentControl Tools (buttons, media, etc.) | External code execution is possible, allowing for the inclusion of malicious control code. | Execute external URL on control click in Excel |
| hyperlink (Hyperlink) | to external websites or files within the documentLink to Connect | malicious site or fileInducing Accesspossible | a link like "Click here" |
| Documents before MS Office 97 | .doc, .xlsand older versions of MS Office documents | structurally vulnerable,Lack of security features | Word 97 document, Excel 95 document, etc. |
- This setting applies only to MS Office file types (DOC, DOCX, XLS, PPT, etc.).
- After changing the settings, you can check the records and restore them in the [Policy Change History] menu.