A macro virus is a type of computer virus that could be stored in macros within a Microsoft 365 file (such as a document, presentation, workbook, or template), or within any ActiveX control, COM add-in, or Microsoft 365 add-in. We refer to macros, ActiveX controls, and add-ins as "Active content".

Microsoft 365 files that have a macro in them have a different file extension to indicate that they have an embedded macro. For example, a normal modern Word document is a .DOCX file, but if a macro is added to the file it's saved as a .DOCM file.

Likewise, a modern Excel workbook is a .XLSX file, and a modern PowerPoint presentation is a PPTX file, but if there are macros in them the Excel file becomes a .XLSM file and the PowerPoint presentation becomes a .PPTM file.

For your protection, Microsoft 365 doesn't run active content, like macros, automatically unless the file has been marked as a trusted document or opened from a trusted location. It's usually not necessary to run a macro if all you want to do is view the content of a file or make simple edits to it.

Notes: 

On older versions of Office, you'll may see a message that looks like this:

The Message Bar

Do not select Enable Content unless you're certain that you know exactly what that active content does, even if the file appears to come from a person or organization that you trust.

Microsoft 365 can't scan files or locations to find and delete macro viruses, however all modern anti-malware software - like Microsoft Defender Antivirus - should be able to detect, and block, known macro viruses.

See Also

Enable or disable macros in Office files

Change macro security settings in Excel

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.