Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
0
Helpful
1
Replies

with ESA upgrade to 14.2 macro-detection-rule () has changed

Go to solution
Lemat
Level 1
Level 1

‎08-04-2022 04:06 AM

with 14.0 version the filter:

Macro_filter_strip: if (macro-detection-rule (['Microsoft Office Files'])) { drop-macro-enabled-attachments(['Microsoft Office Files'], "The document attached to this email contained potentially dangerous macros. The file has been removed as a safety measure."); }

was working on files which actually had macros in them.

With 14.2 the filter drops all macro-enabled attachments like .xlsm which have no macros in them (empty .xlsm document is dropped)

Is this intentional change or a bug?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎08-04-2022 05:33 PM - edited ‎08-04-2022 05:35 PM

It's a bug and not intentional - CSCwb88469

I ran a test with empty excel on 14.2.0-620 and I dont see this problem anymore. There were updates added to macro detection after similar complaints and there were updates pushed to fix this behaviour.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎08-04-2022 05:33 PM - edited ‎08-04-2022 05:35 PM

It's a bug and not intentional - CSCwb88469

I ran a test with empty excel on 14.2.0-620 and I dont see this problem anymore. There were updates added to macro detection after similar complaints and there were updates pushed to fix this behaviour.

0 Helpful
Customers Also Viewed These Support Documents