Are there security concerns with allowing xlsm files as attachments?

puffysleaves
Tera Expert

‎07-18-2019 11:09 AM

I'm trying to figure out if I should allow xlsm files (Excel Macro Enabled Workbook) into our instance. I want to say "no" just because those files can use VB and I don't know what code people write. 

Does anyone know if there are security concerns with allowing xlsm files into ServiceNow? 

Labels:
0 Helpfuls
  • 3,226 Views
2 REPLIES 2

johnfeist
Mega Sage
Mega Sage

‎07-18-2019 11:38 AM

Hi PuffySleaves,

You are correct that xlsm files can contain all sorts of code.  However, how would that code get launched.  As far as I know, there is no way to run an xlsm or other MSFT application within your ServiceNow instance.  You might open a HI ticket to get a definitive answer.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster
0 Helpfuls

Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎07-19-2019 07:48 AM

PuffySleaves,

 

Any attachment that could be downloaded should be though of as potentialy harmfull to your environement. With this in mind, think about the layers of protection that your orgnization has in place and weigh the risk and reward for allowing that type of file. The very first qustion you need to ask is what business value does storing file type X as an attachement on ServiceNow have?

 

Second, you might want to investigate 'virus' scanning on the ServiceNow platform:

https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/security/concept/a...

 

Please smash the helpfull or correct button!