Is there a way round the - "Mark of the Web"

[Uncle Gizmo]

I understand that Microsoft will be blocking VBA soon, in all files from the web. - Re "Mark of the Web."

I was wondering if there was a way round the the Microsoft induced problem for downloaded MS Access databases containing VBA. I thought, how would Windows know if an MS Access dB contained VBA? I wondered, could it be if a controls event procedure had:- [Event Procedure] in it? Or maybe Windows looks to see if there are active Modules? I don't know, but it occurred to me that a bit of code could be written that could replace:- [Event Procedure] with an empty string "" Maybe that would be good enough to allow the dB to be imported.

I was experimenting with the following code:- (the message box represents capturing the information and storing it in a table ready to add back in to the form later)

Private Sub Command1_Click()
   'Form_Form1.TestCtrl.OnClick = ""
Dim strFrmName As String
strFrmName = "Form1"

    DoCmd.OpenForm strFrmName, acDesign, , , , acHidden
        With Forms(strFrmName)
       
        MsgBox " >>> " & .TestCtrl.OnClick
            .TestCtrl.OnClick = ""
            .TestCtrl.Enabled = False
        End With
       
    DoCmd.Close acForm, strFrmName, acSaveYes
    DoCmd.OpenForm strFrmName
End Sub

It Dawned on me that I wouldn't be able to send this VBA code through with the database anyway! But I might be able to get around that by having a separate database which operates on other dB's remotely.

Any observations, comments, criticisms and advise most welcome!!

 

[Cronk]

I have encountered problems in the past with certain organisations where there's some sort of screening software that prevents transmission to or from their sites. I have been able to get around that by zipping the file and then changing the extension of the file name.

 

[The_Doc_Man]

The recent article in this forum, within the last month IIRC, talked about "ultra-hidden" files and explains "the mark of the web" in some detail. It is an "ultra-hidden" file that can be removed from its visible container (essentially split away from the actual file). You cannot use the file in apps that are sensitive to the mark until you remove it. Isladogs had some comments but lately I haven't seen anything else.

 

[Uncle Gizmo]

"the mark of the web"

Mike Wolfe did a nice article on it here:-

Office to Disable All VBA Code in Files from the Internet

Beginning in April 2022, users will no longer have the option to manually enable VBA code in Office files downloaded from the internet.

nolongerset.com

But it does mean the user has to change the properties of the MS Access Database manually, and I'm not sure that people will be easily persuaded to do that...

 

[Uncle Gizmo]

zipping the file

Yes... I think if you use WinZip it does bypass the problem, but again if you start trying to push people into installing WinZip, you run into the "trust problem" you look like you are getting them to do something which is against company policy, or are you trying to get them to install malware on their computer. It's just not an easy route...

 

[The_Doc_Man]

If you dig around and follow the links in the "ultra-hidden" posts, you would find that there is this feature in Windows that has been here at least since the advent of NFS, called an "alternate stream." The "mark of the net" is like a "cookie" in the alternate stream of the file. It can be manually removed and, in fact, some CMD options exist to find them and modify them. There is a DIR command-line option to help find such things.

 

[NoLongerSet]

I wrote a follow-up article to the one @Uncle Gizmo referenced above with more details about how the mark of the web is actually implemented using alternate data streams: Details about the Mark-of-the-Web (MOTW)