Hi,

Is the only way to rely on a realtime scanner or is the MS Office "high/trust only MS add-ins" setting enough to stay protected? And which key do I need to add to my reg monitor to protect this setting? Also, can tools like Script Sentry really protect against this kind of stuff? :)

Most antivirus vendors offer protection for macro viruses. Frequently Asked Questions About Word Macro Viruses (http://support.microsoft.com/kb/187243)

You can see how many av programs perform against known macro viruses at the link below. Go to Comparatives-->15. On-demand comparatve, August 2007, Online Results which is a pdf.

http://www.av-comparatives.org/

The default settings of Office are good against untrusted macros.
More info in these (http://www.wilderssecurity.com/showthread.php?t=158624) threads (http://www.wilderssecurity.com/showthread.php?t=177908) :)

I got a question, why not just keep the "Micro-Viruses" constricted to a sandbox, like with Sandboxie? Then you don't have to worry about this, just delete the sandbox, and the "micro-virus" is gone!

From the KB article mentioned by ronjor:
{QUOTE-> 1. Q. What are Word macro viruses?

A. Macro viruses are computer viruses that use an application's own macro programming language to distribute themselves.

...

3. Q. How did I get the macro virus?

A. You worked with a file that was infected with a Word macro virus. An infected file can be obtained any of the following sources:disks
networks
email attachments
modems
the Internet. <-QUOTE}The implications are,

1) That the infected document needs to be viewed in an application that will run macro programing code.

2) That the user has to view a document created or edited by someone else.

It's assumed that one's own security policies include not opening documents from unknown sources via any of the media above.

If you do view others' documents, receiving them from a trusted source is not an indication of a "clean" document. It could have been infected without the other person knowing it. This used to be very prevalent in education environments.

Scanning documents may or may not catch the virus. The suggestion by Terror_Eyez to sandbox may be another way.

Another solution is to view the document in an application that will not run programming code, thus, insuring preventions per 1) in the article.

This was my solution in my years as an educator. Those of us that worked this way were able to say as did Terror_Eyez,

{QUOTE-> Then you don't have to worry about this, <-QUOTE}

----
rich

Thanks for the feedback everyone, the reason why I asked was because I refuse to run a realtime scanner, and malware might be able to change the "macro protection" setting in Office, so does anyone know which key to protect?