Forum Discussion
ASR Rule - Block Win32 API Calls from Office Macro
What does this ASR rule really do ?
This question because we see that not only Win32 API Calls are blocked but also x64.
During tests, we used an Excel 64-bit with VBA-code.
First test was VBA-code written in 32-bit.
As example:
Private Declare Function GetTimeZoneInformation Lib "kernel32" ( _
lpTimeZoneInformation As TIME_ZONE_INFORMATION) As Long
2nd test was same VBA-code but written in 64-bit.
As example:
Private Declare PtrSafe Function GetTimeZoneInformation Lib "Kernel32" ( _
lpTimeZoneInformation As TIME_ZONE_INFORMATION) As LongPtr
Both are given the same result.
We can't open the excel.
It is given the message 'Excel cannot access file.xlsm. The document may be read-only or encrypted.'
If we change the ASR rule from Blocked to Not Configured. XLSM is perfectly going open.
- nacho_arCopper Contributor
'Win32 API Calls' actually refers to just Windows API calls, no matter if 32 or 64 bits.
This ASR rule blocks some API calls, MS does not tell which.We were able to identify macros calling APIs by looking for code like 'Declare*Function * lib ' and treat them as potencially being blocked in the future.
Putting the macros in a trusted folder or digitally signing them allows Excel to open the files, but any work done can't be saved as it triggers the rule again, even if the VBA code was not modified. (Apparently the temp file created by excel during save is blocked by the rule) - nbaker_2111Copper Contributor
Koen Van de Loock We're encountering this same issue well.
I've had to turn the rule off because I figure out what i needed to exclude to get it working again correctly.
Have you had any luck with this? - Jacques_DuretCopper Contributor
Koen Van de Loock Hi I have exactly the same issue on old macros. Did you find a fix for it?