Antimalware Scan Interface (AMSI) to include runtime inspection of Excel 4.0 macros (XLM)

From Microsoft Corporation

MC231204 · Published Dec 22, 2020

Action required by Jan 31, 2021

From QuixTec, LLC: about Microsoft Technical Bulletins: The information contained in these technical bulletins are provided ‘unaltered’ from the Microsoft 365 Message center. As an authorized Microsoft Partner, QuixTec’s’ Custom SharePoint Development and Office 365 expertise takes Microsoft notifications into full account throughout initiatives. We tailor your solution according to your corporate style and business requirements and make recommendations based upon our knowledgebase of Microsoft Technologies and technical bulletins. QuixTec’s Microsoft SharePoint development services delivers user-friendly, feature-rich applications. For example: using SharePoint’s flexibility, the solutions we create for you will be intuitive and welcome your users to collaborate and capture crucial information necessary to efficiently complete tasks. (425) 367-9025

Message Summary

Antimalware Scan Interface (AMSI) integration with Office is expanding to include runtime inspection of Excel 4.0 (XLM) macros, an addition to existing support for Visual Basic for Applications (VBA). The existing default behavior for runtime inspection of VBA macros will also apply to XLM macros, providing an additional layer of security for users with Excel for Desktop on Windows.

Key points

  • Timing: Monthly Enterprise Channel, February 2021
  • Roll-out:  tenant level
  • Control type: admin control 
  • Action: review and assess by January 31, 2021

How this will affect your organization

AMSI is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution.

When AMSI detects malicious activity, Excel first notifies the user and then terminates the application session. This intervention can stop an attack in its tracks.

In its default configuration, AMSI scans macros at runtime except in these scenarios:

When this feature is enabled, affected macro runtime performance may be affected.

What you need to do to prepare

AMSI integration is on by default in the Monthly Enterprise Channel for Excel and other Office 365 client applications.

The group policy setting Macro Runtime Scan Scope specifies which documents the VBA and XLM Runtime Scan will inspect.

  • Configure the Macro Runtime Scan Scope policy by January 31, 2021 if you wish to deviate from the default settings.
  • If you choose to change the settings or disable, that policy setting will affect both VBA and XLM macros.

Learn more

QuixTec, LLC is a U.S. certified Veteran Owned, modern DevOps organization and Microsoft Partner that specializes in Microsoft SharePoint, Office 365 & HTML5 technologies for small to enterprise-sized organizations. Richard has 30 years of experience working with several notable companies that include World Vision, Expedia, Microsoft, Levi Strauss, NASA, Boeing Aerospace, Los Alamos National Laboratory and the U.S. Air Force, to name a few. QuixTec is located in the Seattle area. Phone today for a free consultation and project estimate: (425) 367-9025

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.