Configuration
Active Content Configuration
Overview
- Active content is executable or dynamic content in files, for example JavaScript in PDFs, macros in Office documents, or scripts in SVG images.
- This page lets you enable or disable detection for each content type in each Protection Profile.
Accessing Active Content Settings
- Go to Settings → File Scan
- Scroll to Advanced Configuration
- Click the Active Content Configuration tab
How It Works
When active content is detected in a file and the Block Active Content setting is enabled in Scan Configuration, the file is blocked.
Common Active Content Types
| Content Type | Found In | Risk |
|---|---|---|
| JavaScript | PDF, HTML, SVG | Script execution, phishing |
| VBA Macros | Word, Excel, PowerPoint | Malware delivery, data exfiltration |
| Embedded OLE Objects | Office documents | Hidden executables |
| DDE (Dynamic Data Exchange) | Excel, Word | Remote code execution |
| Flash/ActionScript | PDF, SWF | Exploits, malware |
| Embedded Files | | Hidden payloads |
| Auto-Open Actions | PDF, Office | Automatic execution on open |
| External Links | Office, PDF | Data exfiltration, phishing |
Each Protection Profile can have different active content settings.
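The decision described under How It Works, sketched as an added Python example (not the product's own code): each detector can be toggled per profile, and a file is blocked only when an enabled detector fires and Block Active Content is on. The detector names, the profile dictionaries and the sample PDF are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Detector names are hypothetical, keyed to content types in the table above.
PDF_NAMES = {
    "javascript": rb"/(?:JavaScript|JS)",
    "auto_open": rb"/(?:OpenAction|AA)",
    "embedded_files": rb"/EmbeddedFiles?",
}
OOXML_PARTS = {
    "vba_macros": r"(^|/)vbaProject\.bin$",
    "ole_objects": r"/embeddings/[^/]+\.bin$",
    "external_links": r"/externalLinks/",
}

def _unescape(data):
    # PDF names may hex-escape characters: /J#61vaScript equals /JavaScript.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def detect(data):
    """Return the active content types found in a PDF or OOXML file."""
    found = set()
    if data.startswith(b"%PDF-"):
        text = _unescape(data)
        for name, pat in PDF_NAMES.items():
            # A name ends at a delimiter, so /JSX must not count as /JS.
            if re.search(pat + rb"(?![A-Za-z0-9])", text):
                found.add(name)
    elif data.startswith(b"PK"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                for name, pat in OOXML_PARTS.items():
                    if re.search(pat, member, re.IGNORECASE):
                        found.add(name)
    return found

def verdict(data, profile):
    """Block only if an enabled detector fires and blocking is switched on."""
    hits = detect(data) & profile["enabled"]
    blocked = bool(hits) and profile["block_active_content"]
    return ("blocked" if blocked else "allowed", sorted(hits))

# Constructed sample: PDF fragment whose /JavaScript name is hex-escaped.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /OpenAction << /S /J#61vaScript "
              b"/JS (app.alert(1)) >> >>\nendobj\n")
# Hypothetical Protection Profiles with different settings.
STRICT = {"enabled": set(PDF_NAMES) | set(OOXML_PARTS), "block_active_content": True}
MONITOR = {"enabled": {"javascript"}, "block_active_content": False}
```

A byte-level scan like this does not see names inside compressed object streams, so it illustrates the per-profile decision rather than complete detection coverage.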
Best Practices
- Start with all detections enabled and disable only what your business needs.
- Always block JavaScript in PDFs because this is a common attack vector.
- Review changes carefully.