While we have sensible defaults, remember these are only effective in the user space Most attacks exploit multiple vectors Strengthen the default configuration through Config Profiles Use CFPreferences to validate intended implementation python -c "from Foundation import CFPreferencesCopyAppValue; print CFPreferencesCopyAppValue('VisualBasicMacroExecutionState', 'com.microsoft.office')" python -c "from Foundation import CFPreferencesAppValueIsForced; print CFPreferencesAppValueIsForced('VisualBasicMacroExecutionState', 'com.microsoft.office')"