Microsoft Office 365 Deploys Protection Against Malicious XLM Macros!

To improve security, Microsoft has added XLM macro protection for all Microsoft 365 customers. This expands the runtime defense that Office 365 provides through its integration with the Antimalware Scan Interface (AMSI) so that scanning also covers Excel 4.0 (XLM) macros.

What is AMSI?

AMSI was introduced in 2015, and it is used by all the antivirus products available for Windows 10. It also allows users to communicate with other security products and request runtime scans of malicious data.

It also exposes malicious behavior that was hidden under heavy obfuscation, and it detects and blocks malware that abuses Office VBA macros, PowerShell, VBScript, MSHTA/JScript9, WMI, or .NET code to deploy malware payloads through Office document macros.

Microsoft therefore extended AMSI support to Office 365 client applications in 2018 to defend customers from VBA macro attacks.

The recent AMSI instrumentation in XLM directly tackles the malware campaigns that misuse this feature. AMSI is an open interface, so other antivirus solutions can use the same visibility to improve protection against these threats.

After AMSI began enabling Office 365 applications to block malicious VBA macros, attackers, including those behind Trickbot, Ursnif, and Zloader, migrated to XLM-based malware to evade static analysis and infect their targets.

Microsoft also added that VBA and XLM, though rudimentary, are very powerful and provide interoperability with the OS. Users in several organizations rely on these functions for legitimate purposes. Many attackers are aware of this and run XLM macro commands that call Win32 APIs and PowerShell commands.

With this improvement, Microsoft Office 365 services and antivirus solutions are now able to detect the malicious code that XLM macros use and stop the malware in its tracks. It also makes it possible to identify a range of malware and to apply more restrictions on what macros can use or execute at runtime.

Conclusion

The visibility provided by AMSI leads to multiple improvements in generic and resilient signatures that can stop waves of mutated versions of attacks. Admins can now use Microsoft 365 applications policy to control and configure which XLM and VBA macros are scanned at runtime using AMSI.

The update is available, and administrators can now download the group policy template files for Microsoft 365 applications from the Microsoft Download Center.