How do you let staff keep using the macros and scripts they need without lowering your guard against malicious code?
OrgSeal
Download it. Vet it. Sign it. Trust it.
OrgSeal is a self-service portal that assesses Microsoft Office macros, PowerShell, and executables for malicious behaviour — and digitally signs the ones that are safe. The fast, auditable way to let your people keep using the code they need, without leaving the door open.
Two independent checks before signing
Signs only what is proven clean
Built in Australia for Australian compliance
Macros and scripts are useful. They're also how attackers get in.
Office macros, PowerShell, and unsigned executables remain one of the most common ways malicious code reaches a workstation. The safe answer — block everything unsigned — works, right up until the finance team needs their spreadsheet macro or an engineer needs a deployment script.
The usual alternatives are all bad in their own way:
- Allow everything unsigned, and you've accepted the risk.
- Block everything unsigned, and you've broken the business.
- Assess each file by hand, and you've built a queue your security team will never clear.
- OrgSeal removes the trade-off: every file is assessed automatically, and only the clean ones get signed.
Can you show an assessor exactly how every macro was vetted before it was signed — file by file?
How long is the review queue when every macro, script, and executable has to be checked by hand?
What happens when malicious code stays dormant the moment it senses a sandbox, then runs later?
Can you evidence macro and executable controls across every Australian framework you're assessed against?
How do you keep signed files valid after your code-signing certificate expires?
Assess automatically. Sign only what's clean.
OrgSeal runs every file through a two-stage evaluation, then applies the correct digital signature only to the ones that pass. Most tools make one kind of check and trust it. OrgSeal makes two — because the ways code hides are different, and one method's blind spot is the other's strength.
When the result is anything other than conclusively clean, the file is held for a person to review — never signed on a guess. Single files or bulk uploads, through the portal or straight from your own systems via API.
Tier 1 — Behavioural detonation
- Each file is detonated in an isolated sandbox and watched at the system level — what it touches, what it runs, where it tries to connect.
- Catches code that behaves maliciously when it executes, including macros and scripts written to evade simpler scanning.
Tier 2 — Static source-level analysis
- OrgSeal reads the actual code: macro source is extracted and analysed directly, and scripts are analysed as the source they already are.
- Catches what detonation can miss — code that stays dormant when it senses a sandbox, time-delayed payloads, and source tampered so that what runs isn't what you think you're reading.
Fail-safe by design
- A confirmed malicious detonation can never be overridden.
- Anything short of a conclusively clean result is held for human review, never signed on doubt.
Three steps. No specialist skills required.
OrgSeal takes a file from upload to a trusted, signed result — with a decision recorded at every step:
- Upload a file through the portal — a macro-enabled document, a PowerShell or other script, or an executable. No security expertise needed.
- OrgSeal runs it through the two-stage engine: dangerous files are rejected with the reasons recorded, and clean files are signed with the correct signature for the file type.
- Download a signed file ready to run under your trusted-publisher policy, with every sign-or-reject decision logged for audit.
Single files or bulk uploads, through the portal or straight from your own systems via API — with a full audit trail either way.
Built for the obligations you actually have to meet.
Controls on Office macros and executable code are now written into Australian security frameworks across government, health, and critical infrastructure. OrgSeal helps you meet them — and gives your assessors the evidence they ask for.
Mapped to the frameworks you're assessed against:
- ACSC Essential Eight
- Protective Security Policy Framework (PSPF)
- Australian Digital Health Agency (ADHA)
- Australian Energy Sector Cyber Security Framework (AESCSF)


