All Groups

Locky Mitigation

Leave a comment

GPOs to mitigate Locky (a newer piece of ransomware that encrypts files) will be implemented at the end of the day for the following units:

Academic Affairs
Academic Programs
Alumni Relations
Board of Trustees
Counseling and Psychological Services
Enrollment Management
Finance and Administration
Financial Aid and Scholarships
Graduate School
Information Services
Institutional Research
International Programs
Office of Admissions
Office of Audit Services
Office of the General Counsel
Office of the President
Office of the Provost
Office of the Registrar
Research Office
Student Affairs
Student Life
Undergraduate Studies
University Shared Services Enterprise

The specific settings that the GPOs enforce are:

  • VBA Macros that are not digitally signed are not able to execute (no notification is provided, it’s as if it wasn’t there at all)
  • VBA Macros that are digitally signed are disabled by default, but the notification bar will be displayed to allow the user to enable the content
  • 2016 only: Word/Excel/Powerpoint files from the internet are not able to run macros at all

For unsigned macros that need to run, there are two routes to get things enabled:

Option one: digitally sign the macros. Folks can request a code signing cert via the process at http://is.oregonstate.edu/dca-support/dca-service-request-forms/webform/incommon-ssl-certificate-request-preferred-ssl-option
Once the macro is signed, it will be able to run normally.

Option two: put the file in question in a trusted location. Trusted locations should be used as sparingly as possible. Never set up the built in downloads/documents/other common folders as trusted, as it means all outside files will be trusted by default!

To add a trusted location to any office application:

File -> Options
Click on the Trust Center heading on the left
Click on the Trust Center Settings… button to open the trust center
Click on the Trusted Locations heading on the left
If you will be adding a network location, you must check the “Allow Trusted Locations on my network (not recommended)” box first
Click on the Add new location…
Enter the path to the trusted folder, or browse to it
If subfolders of that folder should also be trusted, there is an option for that
(optional) Enter a description
Click on OK/OK/OK to close out of the Trust Center
Reopen any documents in the newly trusted locations1 2 3

Print Friendly, PDF & Email

Leave a Reply