This is a tough one.
We developed an Excel VBA AddIn. That's an *.xlam file. This AddIn is quite complex and transforms Excel into a software of it's own (well sort of - it still look pretty much like Excel).
Now we want to increase our security by only allowing signed macros within our company. So we created a certificate, signed our VBA AddIn macro code and installed the certificate. Actually two certificates, one as a trusted root certificate and one in the list of trusted publishers.
And now we want to change the settings in the Excel trust center, so that only signed macros are allowed to run. And this works very well with all of our Excel macros - except with the AddIn.
Here comes the tricky part. The AddIn itself starts and runs. The AddIn checks if a special type of excel file (with a certain custom property) is opened and starts an initialization process. The excel file itself doesn't contain any macros (it's an *.xlsx), but it contains numerous buttons (shape objects) and those are "connected" by the initialization procedure to other procedures (subs/ macros) from the AddIn.
MyWorksheet.Shapes("ShapeName").OnAction = "AddInModuleName.ProcedureName"
This code attaches the VBA subs from the AddIn to the shapes (buttons) in the (macro free) worksheet. So the worksheet becomes wired and functional.
This works very well when no limitations are put on the macros. But in this case with only signed macros allowed to run, the code is not excuted. The buttons are dead.
The code itself is just fine. I can trigger it e.g. with a keyboard shortcut. But the button refuses to run the code. My explanation for this is: By changing the ".OnAction" property of the shape, this itself is regarded as code - at least from a security point of view. So you could argue that I dynamically add "macros" (the OnAction property) to an excel file. And this code is not regarded to be signed. It doesn't inherit the safety level from the code it created.
Whatever the reason my be. My buttons are not working, despite the fact that the code is signed and trusted. Any ideas for workarounds (despite the fact that I could probably use the Excel ribbon instead of a self made interface)?