I have an Excel tool (xlsm file) I'm spreading to users, they download the file from our site and after that can use it. In a nutshell:
- the tool has its own menu bar and a bunch of macros that e.g. do calculations, pull in data from an API, etc.
- I use Unviewable to hide the code from the users
- I sign the VBA project with a certificate
Last month, an user reported having issues running the tool and passed it on to his IT department. They came back with several ASR rules they had to switch off to make the tool work (all macros etc). They were reluctant to do so because of "general virus threats". These were the 3 rules they had to switch off: Attack surface reduction (ASR) rules reference
- Block Win32 API calls from Office macro
- Block execution of potentially obfuscated scripts (js/vbs/ps)
- Block JavaScript or VBScript from launching downloaded executable content https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
So my question 1 is: I think the obfuscated scripts line has to do with Unviewable, but have no idea what can cause the other 2 items in that list. Does anyone have an idea? Maybe some references in my project? And the second question: as I signed my tool with a certificate, wouldn't that for that IT department be a fix - just allow macros that are signed (and add my certificate to the trusted publishers in Excel)?
