Block this first: the critical baseline every IT team needs


Cyberattacks are increasingly sophisticated, and that means the fundamentals matter more than ever. One of the first steps in establishing a secure IT environment is to disable legacy protocols like SMBv1 and lock down macro behavior in Microsoft Office. These simple changes can dramatically reduce your attack surface.

Block SMBv1 and SMB ports, and audit SMB usage

SMBv1 (Server Message Block version 1) is a legacy protocol that lacks encryption and has multiple well-known vulnerabilities. Keeping it active leaves your environment open to attack—even in otherwise modern environments. In fact, SMBv1 was a key vector in the global WannaCry ransomware outbreak, which spread rapidly across networks by exploiting unpatched systems running this protocol.

Even if you’re using newer versions like SMBv3, the principle of least privilege still applies: if a machine or user doesn’t need SMB, block it.

Group Policy (from config.office.com)

Steps for configuring macro settings via cloud policy:

Navigate to Group Policy Management, then Group Policy Management Editor.

Step one: In the left-hand navigation pane, select User Configuration > Administrative Templates > Microsoft Access 2016 > Trust Center.

Step two: Enable two settings: "Block macros from running in Office files from the internet" and "VBA Macro Notification Settings".

NOTE: Enable these settings per Office app (Word, Excel, Access, etc.).

  • SMBv1 or CIFS (445) – If needed, use SMBv3
  • Config Tip: To disable SMBv1 from PowerShell: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  • Config Tip: To enable SMBv2/v3 from PowerShell: Set-SmbServerConfiguration -EnableSMB2Protocol $true
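The audit-then-disable sequence around the two Config Tips above, as an added example that is not ThreatLocker's code. It is meant to be saved as a .ps1 file and run elevated on the host being hardened; the 14-day window, the $ServesFileShares switch and the firewall rule name are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not ThreatLocker's code). The two values below are assumptions.
$AuditDays        = 14      # assumed observation window for SMB1 audit events
$ServesFileShares = $false  # assumed: set $true on hosts that must accept inbound SMB

function Get-Smb1Exposure {
    # Server-side protocol switches, optional-feature state, and live outbound SMB1 sessions.
    $server = Get-SmbServerConfiguration
    [pscustomobject]@{
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
        Smb1AuditEnabled  = $server.AuditSmb1Access
        Smb1FeatureState  = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
        Smb1OutboundCount = @(Get-SmbConnection | Where-Object Dialect -like '1.*').Count
    }
}

function Get-Smb1Client {
    param([int]$Days)
    # Event ID 3000 in this log is written for each SMB1 access while auditing is on.
    $filter = @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
        Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
}

$state = Get-Smb1Exposure
$state | Format-List
if (-not $state.Smb1AuditEnabled) {
    # No audit history yet: start logging and stop here rather than disable blind.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Warning "SMB1 auditing was off. Enabled it now; rerun after $AuditDays days."
    return
}
$clients = @(Get-Smb1Client -Days $AuditDays)
if ($clients.Count -gt 0 -or $state.Smb1OutboundCount -gt 0) {
    Write-Warning 'SMB1 is still in use. Move these peers to SMBv3 before disabling:'
    $clients | Format-Table -AutoSize
    return
}
# No SMB1 use observed: apply the two commands from the Config Tips.
Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
if (-not $ServesFileShares) {
    # Least privilege: this host does not need to accept SMB, so block inbound TCP 445.
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block | Out-Null
}
```

Removing the SMB1Protocol feature takes full effect only after a restart, which -NoRestart leaves to your maintenance window.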

ThreatLocker (Config Manager)

Steps for configuring macro settings in ThreatLocker (Config Manager):

Step one: Sign in to the ThreatLocker portal and navigate to the Config Manager module.

Step two: Password protection settings:

  1. Under the New Policy section, click the drop-down menu.
  2. In the drop-down list, look for Configure downloaded office macros.
  3. Once created, click Deploy Policies to apply the configuration to your endpoints.
