A macro virus is a type of computer virus that could be stored in macros within a Microsoft 365 file (such as a document, presentation, workbook, or template), or within any ActiveX control, COM add-in, or Microsoft 365 add-in. We refer to macros, ActiveX controls, and add-ins as "Active content".
Microsoft 365 files that have a macro in them have a different file extension to indicate that they have an embedded macro. For example, a normal modern Word document is a .docx file, but if a macro is added to the file it's saved as a .docm file.
Likewise, a modern Excel workbook is a .xlsx file, and a modern PowerPoint presentation is a .pptx file, but if there are macros in them the Excel file becomes a .xlsm file and the PowerPoint presentation becomes a .pptm file.
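The extension is only a label, so a triage script can also look inside the file. The following is an added example, not Microsoft's code: it classifies a file by the extensions listed above and then checks the file's ZIP container for a `vbaProject.bin` part, which is where the modern Office formats store a VBA project (that part name is not mentioned on this page). The function names and sample files are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension pairs named on this page: macro-free -> macro-enabled.
MACRO_EXT = {".docx": ".docm", ".xlsx": ".xlsm", ".pptx": ".pptm"}
MACRO_ENABLED = set(MACRO_EXT.values())


def has_vba_part(data: bytes) -> bool:
    """True if the ZIP container holds a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(PurePosixPath(name).name.lower() == "vbaproject.bin"
                       for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container (for example a legacy .doc file)


def classify(filename: str, data: bytes) -> str:
    """Compare what the extension claims with what the container holds."""
    ext = PurePosixPath(filename).suffix.lower()
    vba = has_vba_part(data)
    if ext in MACRO_ENABLED:
        return "macro-enabled" if vba else "macro-enabled extension, no VBA project"
    if ext in MACRO_EXT:
        # A macro-free extension should never carry a VBA project.
        return "MISMATCH: macro-free extension with VBA project" if vba else "macro-free"
    return "not a modern Word/Excel/PowerPoint file"


def make_sample(parts) -> bytes:
    """Build a constructed ZIP with the given part names (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx": make_sample(["word/document.xml"]),
        "invoice.docm": make_sample(["word/document.xml", "word/vbaProject.bin"]),
        "budget.xlsx": make_sample(["xl/workbook.xml", "xl/vbaProject.bin"]),
    }
    for name, data in samples.items():
        print(f"{name}: {classify(name, data)}")
```

A mismatch result means the file was renamed or built by hand and deserves a closer look before anyone opens it.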
For your protection, Microsoft 365 doesn't run active content, like macros, automatically unless the file has been marked as a trusted document or opened from a trusted location. It's usually not necessary to run a macro if all you want to do is view the content of a file or make simple edits to it.
Notes:
- For more information about Trusted Documents, see Trusted documents.
- For more information about Trusted Locations, see Add, remove, or change a trusted location.
On older versions of Office, you may see a message that looks like this:
Do not select Enable Content unless you're certain that you know exactly what that active content does, even if the file appears to come from a person or organization that you trust.
Microsoft 365 can't scan files or locations to find and delete macro viruses. However, all modern anti-malware software, such as Microsoft Defender Antivirus, should be able to detect and block known macro viruses.