A macro virus is a type of computer virus that could be stored in macros within an Microsoft Office file (such as a document, presentation, workbook, or template), or within any ActiveX control, COM add-in, or Office add-in. We refer to macros, ActiveX controls, and add-ins as "Active content".

Microsoft Office files that have a macro in them have a different file extension to indicate that they have an embedded macro. For example, a normal modern Word document is a .DOCX file, but if a macro added to the file it's saved as a .DOCM file. Likewise, a modern Excel workbook is a .XLSX file, and a modern PowerPoint presentation is a PPTX file, but if there are macros in them the Excel file becomes a .XLSM file and the PowerPoint presentation becomes a .PPTM file.

For your protection, Office doesn't run active content automatically unless the file has been marked as a trusted document or opened from a trusted location.


For all other files containing a macro or other active content you'll usually see a message that looks like this:

The Message Bar

Do not select Enable Content unless you're certain that you know exactly what that active content does, even if the file appears to come from a person or organization that you trust.

Note: Opening a file with macros disabled might limit the file's expected functionality.

Office can't scan files or locations to find and delete macro viruses, however all modern anti-malware software - like Microsoft Defender Antivirus - should be able to detect, and block, known macro viruses.

See Also

Enable or disable macros in Office files

Change macro security settings in Excel

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!