How can we improve?

BitDefender Macro Checking White List

It would be helpful to have a white list for some domains that can send and receive attachments containing macros if "BitDefender">"Macro Checking" is set to "Block all documents containing macros".

7 votes

Emil Filimon shared this idea

7 comments

  • Ian Bugeja, Admin (Director, Product Management, GFI) commented

    In GFI MailEssentials v20.2 available on insider.gfi.com, we are proposing a new change to the macro blocking:

    1) Block Malicious Macros
    2) Block All Macros

    The Block Malicious Macros setting should be a valuable setting to block anything malicious and keep the company protected.
    Various techniques are employed from the different AV vendors to detect malicious macros, including heuristics and definitions.

  • Justin Ashwood commented

    I'd like to add another vote for a separate macro scanning function with whitelist capability. We too have organisations that routinely send macro-enabled documents. It's not practical to try and educate every business contact and the burden of checking the quarantine is significant for our small IT team.

  • Jörg Riether commented

    Agreed. I'd like a macro blocker on its own - without AV scanning. Thus it would be possible to fine-tune whitelists.

  • Gareth Chambers commented

    Hi Ian, I understand the stance on now allowing whitelists for malware but macros aren't always malware. Our customers are some of the biggest companies in the world and they still send documents with macros in them. If we turn off the protection we leave ourselves open to people running malicious macros and causing damage.

    Anti-virus doesn't know the difference, so it's no use blocking macros with that, and we'd just run into the same issue of customer documents not opening.

    If there's no whitelist then we need another solution to allow messages with macros through from certain domains/senders.

  • Ian Bugeja, Admin (Director, Product Management, GFI) commented

    Hi,

    If this is the case we suggest disabling the Macro blocking check. This setting is there to block all emails which have attachments with macros.

    We are against a whitelist for any malware feature since adding a whitelist is a breach of security policies due to the fact that email addresses can be easily spoofed.

    Please note that any malicious attachments are still blocked (also by Bitdefender), and also if you use additional AV engines such as Avira, Kaspersky or McAfee (Intel Security).

  • Gareth Chambers commented

    This is really hurting us at the moment. We get so many other Bitdefender hits that turning on notifications would be pointless. Either adding a whitelist for macro checking or breaking macro checking out into its own engine with a whitelist would be really useful.

    Sending malicious macros has come back into fashion again, so we've had to turn on the blocking feature. The customer in this case is too big to care, so my team is having to check the logs every few hours to make sure we don't miss any important emails.

    This is the kind of issue that, if not resolved soon, will force me to look to replace GFI with something else.

  • Dominik Protzek commented

    Very true. You can't teach every customer to send Office documents without macros. So you really need the ability to whitelist.
