1.4.7.2.1.10 Ensure 'Default File Block Behavior' is set to Enabled (Blocked files are not opened)

Information

This policy setting allows you to determine if users can open, view, or edit Excel files. The recommended state for this setting is: Enabled. (Blocked files are not opened) By default, users can open, view, or edit a large number of file types in Excel. Some file types are safer than others, as some could allow malicious code to become active on user computers or the network. For this reason, disabling or not configuring this setting could allow malicious code to become active on user computers or the network.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center\File Block Settings\Set Default File Block Behavior Impact: Enabling this setting prevents users from opening, viewing, or editing certain types of files in Excel. Productivity in your organization could be affected if users who require access to any of these file types cannot access them.

See Also

https://workbench.cisecurity.org/files/569

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2.

Plugin: Windows

Control ID: cbec500f2fe6962a8b9bc8701e62aa0b43075fc3a04d993a5a2830a21fb9a6db