IT threat extraction system removes scripts and macros from key documents

3rd April 2015

By: Schalk Burger

Creamer Media Senior Deputy Editor

  


Information and communications technology security vendor Check Point’s Threat Extraction system removes macros, JavaScript and code-enabled capabilities from documents in a company’s network, preventing malicious scripts from executing processes, says Check Point product manager Noam Green.

The Threat Extraction system can be deployed through an electronic update for existing customers or as an appliance. Check Point will also provide a cloud threat extraction service for customers during the second quarter of this year.

Although code-enabled capabilities boost the functionality of documents, these capabilities could enable malicious software, or malware, to be programmed into macros and then sent as part of a document to infect a computer.

Check Point removes the code-enabled capabilities of commonly used documents, including Microsoft Office and PDF documents.

“We will broaden the system’s capabilities to remove the scripts in open source documents and other commonly used document formats during the second half of the year,” notes Green.

Employees must sometimes open documents from unknown contacts, and company networks are also exposed when employees use cloud-based document-sharing sites, which might increase risks.

“Any document might contain malware and the only way to ensure malware-free documents is to reconstruct the file using known and safe elements. Active content and various forms of embedded objects are extracted from the reconstructed file to eliminate any potential threats.”
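The reconstruction idea Green describes can be illustrated for Office Open XML files, which are ZIP packages of named parts. The following is an added example, not Check Point's code: it rebuilds a package from allowlisted part types only, then removes the relationships and content-type overrides that pointed at dropped parts. The allowlist, the function names and the sample package are assumptions made for the illustration, and external relationship targets are left out of scope.

```python
import io, posixpath, zipfile
import xml.etree.ElementTree as ET  # assumption: use a hardened XML parser on hostile input

PKG = "http://schemas.openxmlformats.org/package/2006/"
REL = "{" + PKG + "relationships}Relationship"
OVR = "{" + PKG + "content-types}Override"
SAFE_EXT = {"xml", "rels", "png", "jpg", "jpeg", "gif"}  # illustrative allowlist (assumption)
BLOCKED_DIRS = ("embeddings/", "activex/")  # embedded OLE objects, ActiveX controls

def is_safe(name):
    low = name.lower()
    return low.rpartition(".")[2] in SAFE_EXT and not any(d in low for d in BLOCKED_DIRS)

def prune(xml_bytes, tag, is_dropped):
    root = ET.fromstring(xml_bytes)
    for el in [e for e in root if e.tag == tag and is_dropped(e)]:
        root.remove(el)  # delete entries that reference a dropped part
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def target_path(rels_name, target):
    base = posixpath.dirname(posixpath.dirname(rels_name))  # word/_rels/x.rels -> word
    return posixpath.normpath(posixpath.join(base, target)).lstrip("/")

def rebuild_ooxml(data):
    """Return (clean_bytes, dropped_part_names) for an OOXML package given as bytes."""
    src, out = zipfile.ZipFile(io.BytesIO(data)), io.BytesIO()
    dropped = {n for n in src.namelist() if not is_safe(n)}
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in (n for n in src.namelist() if n not in dropped):
            body = src.read(name)
            if name == "[Content_Types].xml":
                body = prune(body, OVR, lambda e: e.get("PartName", "").lstrip("/") in dropped)
            elif name.endswith(".rels"):  # external targets are out of scope here
                body = prune(body, REL, lambda e, n=name: e.get("TargetMode") != "External"
                             and target_path(n, e.get("Target", "")) in dropped)
            dst.writestr(name, body)
    return out.getvalue(), sorted(dropped)

def make_sample():
    """Constructed macro-enabled package for the demo, not a real document."""
    ct = '<Types xmlns="%scontent-types"><Override PartName="/word/vbaProject.bin" ContentType="x"/></Types>' % PKG
    rels = ('<Relationships xmlns="%srelationships"><Relationship Id="rId1" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Target="styles.xml"/></Relationships>' % PKG)
    parts = {"[Content_Types].xml": ct, "word/_rels/document.xml.rels": rels, "word/document.xml": "<doc/>",
             "word/styles.xml": "<s/>", "word/vbaProject.bin": "placeholder", "word/activeX/activeX1.xml": "<ax/>"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling `rebuild_ooxml(make_sample())` returns the rebuilt package together with the list of parts that were left out, which is the record a gateway would log alongside the link to the original file.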

However, employees are presented with a link to open the documents with macros intact, if required. The document is then opened in Check Point’s Threat Simulation system, which simulates the operating system and programme required to run a document and analyses the processes executed to identify malicious code.

The Threat Simulation system received a boost after Check Point had acquired Israeli start-up HyperWise, which developed a central processing unit-level threat prevention system to block undetected attacks and identify threats before a process is executed.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
