Closed jymcheong closed 3 years ago
Macros are used widely abused to deliver malware &/or abuse LOL binaries & scripts.
https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions
Using OpenXML SDK to remove macros.
This can be bypass by creating C:\Windows\openEDR\conf\dfpm\keepMacro folder.
C:\Windows\openEDR\conf\dfpm\keepMacro
Committed https://github.com/jymcheong/OpenEDRclient/commit/308da06884b31f536fb597c790120847d13e5276
jymcheong
commented
3 years ago jymcheong
commented
3 years ago
What & Why
Macros are used widely abused to deliver malware &/or abuse LOL binaries & scripts.
https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions
How
Using OpenXML SDK to remove macros.
This can be bypass by creating
C:\Windows\openEDR\conf\dfpm\keepMacrofolder.