Hello, Didier Stevens here, Senior Handler at the Internet Storm Center. I'm going to show you a feature in Office 2019 and 2021 that protects you from malicious ISO files. Like this one here that I have on the desktop. So assume that this comes typically sent to you via email as an attachment and you have an ISO file as an attachment and it contains a malicious document.

Now here I have the file here and I also put a mark of the web on it. So there's an alternate data stream here that marks this file as coming from the Internet. If I double click here on Windows 10, I see the content of the ISO file and it contains a .m file. So Word document with macros. If you look at these properties, no mark of the web, and if we open this with this version of Office 2019, which is not up to date, it hasn't been updated here in this virtual machine in this snapshot for more than a year, and you can see we see immediately the security warning. So we are not in Protected View.

Let me close that and now I'm going to update to the latest version of Office like this. Okay, we should be updated. Let's see if the update worked. Let's try this again. Still no mark of the web because we haven't updated Windows. This is Office that was updated, and now as you can see we are in Protected View first. Of course if I say then enable editing, then we have the security warning.

Now if you want to test things like this and you want to put in that mark of the web, I have several small blog posts that explain how to do this. So I also have a tool, zone identifier, you run it on the ISO file and then it puts in the alternate data stream, Zone.Identifier, with this data and that marks it as coming from the web. You can also do that with Notepad. If you remember exactly what you have to type, so demo ISO, zone identifier, and that is the data that you have to put inside that alternate data stream. So if you want to test for example RAR files, zip files or anything else.
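
For testing how a container file behaves with and without the mark of the web, as discussed above, here is an added PowerShell example (not from the video and not the speaker's tool). It assumes an NTFS volume and a test file named `demo.iso`; the function names are hypothetical, and `ZoneId=3` is the Internet zone value.

```powershell
# Added example: set, read and clear the Zone.Identifier alternate data stream
# on a lab test file. Requires NTFS; other filesystems have no alternate data streams.

function Set-MarkOfTheWeb {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateRange(0, 4)][int]$ZoneId = 3   # 3 = Internet zone
    )
    # The stream holds INI-style text: a [ZoneTransfer] section with a ZoneId key.
    $data = "[ZoneTransfer]`r`nZoneId=$ZoneId"
    Set-Content -Path $Path -Stream 'Zone.Identifier' -Value $data -Encoding Ascii
}

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the ZoneId as an integer, or $null when the file has no mark of the web.
    $stream = Get-Item -Path $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    foreach ($line in Get-Content -Path $Path -Stream 'Zone.Identifier') {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null   # stream exists but carries no ZoneId key
}

function Remove-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # Unblock-File deletes the Zone.Identifier stream, returning the file to its unmarked state.
    Unblock-File -Path $Path
}

# Lab usage with a constructed sample file name (assumption: demo.iso exists in the current directory).
$sample = '.\demo.iso'
if (Test-Path $sample) {
    Set-MarkOfTheWeb -Path $sample
    "ZoneId after marking : $(Get-MarkOfTheWeb -Path $sample)"
    Get-Item -Path $sample -Stream * | Select-Object Stream, Length   # lists :$DATA and Zone.Identifier
    Remove-MarkOfTheWeb -Path $sample
    "ZoneId after clearing: $(Get-MarkOfTheWeb -Path $sample)"
}
```

The same functions work on other container types used in tests, such as RAR or ZIP files, since the stream is attached to the outer file and not to its contents.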