BitDefender Macro Checking White List
It would be helpful to have a white list for some domains that can send and receive attachements containing macros if "BitDefender">"Macro Checking" is set to "Block all documents containing macros"
In GFI MailEssentials v20.2 available on insider.gfi.com, we are proposing a new change to the macro blocking
1) Block Malicious Macros
2) Block All Macros
The Block Malicious Macros setting should be a valuable setting to block anything malicious and keep the company protection.
Various techniques are employed from the different AV vendors to detect malicious macros, including heuristics and definitions.
Justin Ashwood commented
I'd like to add another vote for a separate macro scanning function with whitelist capability. We too have organisations that routinely send macro enabled documents. It's not practical to try and educate every business contact and the burden of checking the quarantine is significant for our small IT team.
Jörg Riether commented
agreed. I´d like a macro blocker on it´s own - without av scanning. thus it would be possible to fine tune whitelists.
Gareth Chambers commented
Hi Ian, I understand the stance on now allowing whitelists for malware but macros aren't always malware. Our customers are some of the biggest companies in the world and they still send documents with macros in them. If we turn off the protection we leave ourselves open to people running malicious macros and causing damage.
Anti-virus doesn't know the difference, so it's no use blocking macros with that, and we'd just run into the same issue of customer documents not opening.
If there's no whitelist then we need another solution to allow messages with macros through from certain domains/senders.
If this is the case we suggest to disable the Macro blocking check. This setting is there to block all emails which have attachment with Macros.
We are against a whitelist for any malware feature since adding a whitelist is a breach of security policies due to the fact that email addresses can be easily spoofed.
Please note that any Malicious attachments are still blocked (also by Bitdefender), and also if you additional AV engines such as Avira, Kaspersky or McAfee (Intel Security)
Gareth Chambers commented
This is really hurting us at the moment. We get so much other bitdefender hits that turning on notifications would be pointless. Either adding a whitelist for macro checking or breaking macro checking out into its own engine with a whitelist would be really useful.
Sending malicious macros has come back into fashion again, so we've had to turn on the blocking feature. The customer in this case is too big to care, so my team is having to check the logs every few hours to make sure we don't miss any important emails.
This is the kind of issue that if not resolved soon, will force me to look fo replace GFI with something else.
Dominik Protzek commented
Very true. You can't teach every customer to send Office documents without macros. So you really need the ability to whitelist.