Protection from Project Databases That May Contain Viruses
Understanding Macro Viruses
A macro virus is a computer virus stored in a Macro inside a project database, a template database or an add-in. If you open this type of project database or start a procedure that calls a macro virus, the macro virus can become enabled, can be transferred to your computer and be stored in your personal template database. From that point on, every project database you open could be automatically "infected" with the macro virus - and if other people open these infected project databases, the macro virus is transmitted to their computers.
Security Levels in FlexPro
FlexPro offers the following levels of security to reduce the chances that macro viruses will infect your project databases, templates databases or add-ins:
•High You can run only macros that have been digitally signed and that you confirm are from a trusted publisher. Before trusting a source, you should confirm that the source is reliable and uses a virus scanner before signing macros. Unsigned macros are automatically disabled, and FlexPro opens the project database without any warning.
•Medium FlexPro displays a warning whenever it encounters a macro from a source that is not on your list of trusted publishers (described further down). You can choose whether to enable or disable the macros when you open the project database. If the project database might contain a virus, you should choose to disable macros.
•Low If you are sure that all the project databases and add-ins you open are safe, you can select this option, which turns off macro virus protection in FlexPro. At this security level, macros are always enabled when you open project databases.
If your network administrator has not enforced a security level for your organization, you can change the security level. If the security level for FlexPro is set to Medium or High, you can maintain a list of trusted macro sources. When you open a project database or load an add-in that contains macros developed by any of these sources, the macros are automatically enabled. Learn about Security Levels in FlexPro.
Digital Signatures
If you have Microsoft Internet Explorer version 4.0 or later installed on your computer, one way to identify that a macro is safe to use is by its digital signature. A digital signature on a macro is like a stamp on an envelope - it confirms that the macro originated from the macro developer who signed it and that the macro has not been altered.
When you open a project database or load an add-in that contains a digitally signed macro, the digital signature appears on your computer as a certificate. The certificate names the macro's source, plus additional information about the identity and integrity of that source. A digital signature does not necessarily guarantee the safety of a macro, and you must decide whether you trust a macro that has been digitally signed. For example, you might trust macros signed by someone you know or by a well-established company. If you are unsure about a project database or add-in that contains digitally signed macros, carefully examine the certificate before enabling macros or, for the highest level of security, disable the macros. If you know you can always trust macros from a particular source, you can add that macro developer to the list of trusted publishers when you open the project database or load the add-in.
If you yourself develop macros with FlexPro Professional or FlexPro Developer Suite, you can sign macros from within the Visual Basic Editor.
See Also
Adding a Macro Developer to the List of Trusted Publishers
Removing a Macro Developer from the List of Trusted Publishers