There are many spear phishing campaigns that leverage macros in Microsoft Office documents, as part of multi-staged attacks to deploy the malware (e.g. ransomware).
The Malicious Macro detection engine significantly increases Threat Emulation's ability to detect and block documents containing malicious macros. The technology is based on signature-less heuristic algorithms that perform deep static inspection of macro content.
Static macro detection is added to Threat Emulation's existing dynamic analysis for documents with macros. These technologies work together to provide increased security.
This technology is a part of Threat Emulation Engine Update 48.990000056 released on 09 Jan 2017.
Related Solution: sk95235 - Threat Emulation Engine Update - What's New?.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.