Macro Security and Authenticode in Excel 2013
Excel 2013 uses a system called Microsoft Authenticode that enables developers to authenticate their macro projects or add-ins created with Visual Basic for Applications by a process referred to as digital signing.
When you run a macro in your worksheet that’s not saved in the trusted locations on your computer, such as the Templates and XLSTART folder in your user area on the computer, Excel checks to see whether the macro is digitally signed and that the signature is both valid and current. The macro’s developer must have a certificate issued by a reputable authority or a trusted publisher.
If the program cannot verify a macro’s digital signature (perhaps because it doesn’t have one) or the trustworthiness of its macro publisher, the program then displays a security alert on the message bar underneath the Excel Ribbon. This alert area contains an Enable Content and a Trust Center command button.
You can then click the Enable Content button to ignore the alert and go ahead and run the macro, assuming that you can vouch for the macro’s publisher and are sure that running the macro poses no security risk to your computer.
You click the Trust Center command button in the security alert on the message bar to open the Trust Center dialog box, where you can add to the trusted locations on your computer system and change the macro security settings.
You can also open the Macro Settings tab of the Trust Center dialog box by clicking the Macro Security command button on the Developer tab (Alt+LAS) or clicking the Trust Center Settings button on the Trust Center tab of the Excel Options dialog box (Alt+FTT).
By default, Excel selects the Disable All Macros with Notification option button on the Macro Settings tab of the Trust Center dialog box.
When this setting is selected, all macros that are not saved in one of the trusted locations are automatically disabled in the worksheet, but you do get a security alert each time you try to run one of these macros that enables you to ignore the alert and go ahead and run the macro by clicking the Enable Content button.
The Macro Settings tab of the Trust Center dialog box also contains these other option buttons you can select:
Disable All Macros without Notification to disable all macros not saved in one of your computer’s trusted locations and all security alerts so that you and the other users of the worksheet have no way to ignore the alert and run the macro. Select this option when you don’t trust someone else’s macros and want to make it impossible to run a macro carrying a computer virus.
Disable All Macros with Notification (the default) to control the disabling of macros not saved in one of your computer’s trusted locations and security alerts. When you select this setting, worksheet users can’t ignore the alert and run the macro. Select this option when you want to maintain control over running potentially untrustworthy macros.
Disable All Macros except Digitally Signed Macros to automatically enable digitally signed macros from a publisher that you’ve indicated is trustworthy and to disable all macros that are not digitally signed without notification.
When you select this option and try to run a digitally signed macro that’s not from a publisher you’ve indicated is trustworthy, Excel displays an alert in the message bar with a Trust All Documents from this Publisher button that you can select, thereby adding the publisher to the trusted list.
Enable All Macros (Not Recommended; Potentially Dangerous Code Can Run) to throw all caution to the wind and allow all macros to run in any worksheet you open — this is one option you never ever want to select, because it could cause serious damage to your machine!
To change the trusted locations on your computer, you need to click the Trusted Locations tab in the Trust Center dialog box. You can then use these options to change the location settings:
Add New Location: Use this command button to open the Microsoft Office Trusted Location dialog box, where you select a new folder on your computer as a trusted location either by entering its directory path name in the Path text box or selecting it with the Browse button.
Select the Subfolders of This Location Are Also Trusted check box if you want all subfolders within the designated folder to be included as trusted locations.
Allow Trusted Locations on My Network (Not Recommended): Select this check box so that you can designate folders to which you have access on your local network as trusted locations using the Add New Location command button (as described in the immediately preceding bullet point).
Disable All Trusted Locations: Select this check box to immediately disable all the folders currently designated as trusted locations and allow only macros from publishers designated as trustworthy to run in Excel.