A macro virus is a type of computer virus that could be stored in macros within a Microsoft 365 file (such as a document, presentation, workbook, or template), or within any ActiveX control, COM add-in, or Microsoft 365 add-in. We refer to macros, ActiveX controls, and add-ins as "Active content".
Microsoft 365 files that have a macro in them have a different file extension to indicate that they have an embedded macro. For example, a normal modern Word document is a .DOCX file, but if a macro is added to the file it's saved as a .DOCM file.
Likewise, a modern Excel workbook is a .XLSX file, and a modern PowerPoint presentation is a PPTX file, but if there are macros in them the Excel file becomes a .XLSM file and the PowerPoint presentation becomes a .PPTM file.
For your protection, Microsoft 365 doesn't run active content, like macros, automatically unless the file has been marked as a trusted document or opened from a trusted location. It's usually not necessary to run a macro if all you want to do is view the content of a file or make simple edits to it.
Notes:
-
For more information about Trusted Documents see Trusted documents.
-
For more information about Trusted Locations see Add, remove, or change a trusted location.
On older versions of Office, you'll may see a message that looks like this:
Do not select Enable Content unless you're certain that you know exactly what that active content does, even if the file appears to come from a person or organization that you trust.
Microsoft 365 can't scan files or locations to find and delete macro viruses, however all modern anti-malware software - like Microsoft Defender Antivirus - should be able to detect, and block, known macro viruses.
