There are two options available in a device policy to detect and respond to potentially dangerous macros on Windows devices. The Macros option on the Script Control tab applies to Windows agent 2.1.1578 and earlier. The new Exploitation > Dangerous VBA Macro option on the Memory Actions tab applies to Windows agent 2.1.1580 and later. When you test your upgrade to agent 3.x, you must check your current configuration for detecting and responding to macros and configure the new Dangerous VBA Macro option accordingly.
In the management console, on the menu bar, click Policies > Device Policy.
Click your production device policy.
On the Script Control tab, note the current configuration for macros (Alert or Block).
In Policies > Device Policy, click the device policy for your test devices.
On the Memory Actions tab, expand Exploitation.
For the Dangerous VBA Macro violation type, set the appropriate action (Ignore, Alert, Block, or Terminate).
Run Aurora Protect Desktop 3.x on test devices that use files with macros that are commonly used in your organization. If necessary, add additional memory protection exclusions for safe macros. For instructions and guidance, see Device policy: Memory Protection settings in the Aurora Endpoint Security setup content.
