
Error: NumXLUI.xlam is not a valid add-in!

Many customers reported that a strange error window popped up when they tried to activate the NumXL Toolbar (NumXLUI.xlam). The error states: “NumXLUI.xlam is not a valid add-in” or “NumXLUI.xlam file format or file extension is not valid…”.

The error message is triggered by Windows Defender when the “Block Win32 API calls from Office macros” rule is set.

During a recent update to the Windows Security and Microsoft Defender for Endpoint service, user devices experienced a series of false positive detections for the Attack Surface Reduction (ASR) rule “Block Win32 API calls from Office macros” after updating to security intelligence build 1.381.2140.0.

This new rule blocks VBA macros that try to call Win32 APIs, which prevents the NumXL toolbar from loading. In a few cases, users reported that their antivirus (AV) programs displayed on-screen warnings about “potentially malicious behavior” and blocked the add-in from loading.

Diagnosis:

There is no malware in our product. We developed NumXL entirely by ourselves and did not outsource any part.

Furthermore, all executable files (i.e., DLL, EXE, and XLAM) from NumXL are signed with a Code Signing certificate, ensuring that the files are from our company, Spider Financial Corp, and have not been tampered with. You can verify this information on the certificate.

As an extra protection layer in Excel, you can choose to disable all macros except digitally signed macros, or require application add-ins to be signed by a trusted publisher.

Why do VBA macros call Win32 API?

NumXL UI uses a few Windows API calls for its core functionality, such as reading certain parts of the registry (for example, to determine whether the user is utilizing the 32-bit or 64-bit edition of Excel), storing items in memory, reading the user’s language settings for Windows and Excel, and accessing the user’s application data folder to store settings, among other functions.

Solution

If your organization has the “Block Win32 API Calls from Office Macros” rule applied in combination with “block mode,” you can still use NumXL by adding an exception for our files.

  1. Exclude our installation folder:
    • For 64-bit Installation, exclude the “%Program Files%\NumXL” folder.
    • For 32-bit Installation, exclude the “%Program Files(x86)%\NumXL” folder.
  2. Exclude our Toolbar add-in file (NumXLUI.xlam) in the installation folder.
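One way to apply step 2 from an elevated PowerShell session, as an added example that is not NumXL's or Microsoft's own script: it reports the rule's current mode and recent hits, checks the vendor's code signatures, and only then adds an ASR exclusion for the add-in file. The install path, the publisher string match, and the choice to check only DLL and EXE files are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Path, publisher match and file list are assumptions; adjust before use.
$RuleId    = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'  # Block Win32 API calls from Office macros
$Install   = Join-Path $env:ProgramFiles 'NumXL'     # assumed 64-bit install; 32-bit: ${env:ProgramFiles(x86)}
$AddIn     = Join-Path $Install 'NumXLUI.xlam'
$Publisher = 'Spider Financial Corp'                 # assumed to appear in the certificate subject

# 1. Is the rule configured locally, and in which mode? (0 = off, 1 = block, 2 = audit, 6 = warn)
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)
$mode = 'not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $RuleId) { $mode = $acts[$i] }
}
Write-Host "Rule $RuleId mode: $mode"

# 2. Did this rule actually fire? 1121 = blocked, 1122 = audited.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    Select-Object -First 5 TimeCreated, Id |
    Format-Table -AutoSize

# 3. Refuse to exclude anything unless the vendor binaries carry a valid signature
#    from the expected publisher. The .xlam's VBA project signature is validated by
#    Excel itself, so only DLL and EXE files are checked here.
$bad = Get-ChildItem -Path $Install -Recurse -File -Include *.dll, *.exe |
    Get-AuthenticodeSignature |
    Where-Object {
        $_.Status -ne 'Valid' -or
        $_.SignerCertificate.Subject -notlike "*$Publisher*"
    }
if ($bad) {
    $bad | Format-Table Path, Status -AutoSize
    throw 'Signature check failed; no exclusion added.'
}

# 4. Add the narrowest exclusion (the add-in file) and show the resulting list.
Add-MpPreference -AttackSurfaceReductionOnlyExclusions $AddIn
(Get-MpPreference).AttackSurfaceReductionOnlyExclusions
```

An exclusion added this way applies to ASR rules in general, not only to this one, which is why the example excludes the single file rather than the folder. On centrally managed devices, set the exclusion in the managing policy instead.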

To learn more, please check out the following guidelines (Microsoft):

 

Conclusion

The “NumXLUI.xlam” error message is due to a new rule in the latest Windows security update. It is not indicative of malware in our product, NumXL. You can resolve this issue by adding an exception for our files, following the guidelines provided by Microsoft. We appreciate your understanding and cooperation and assure you of our continued commitment to the security and functionality of our software.

0 Responses

  1. Fixed! I have found an easier solution that worked perfectly for me:
    (1) Close Microsoft Excel, if it is open.
    (2) Copy the NumXLUI.xlam file from the NumXL installation folder (C:\program files\NumXL) to the Microsoft add-ins folder in your profile (C:\users\<username>\AppData\roaming\Microsoft\AddIns).
    (3) Launch/Open Microsoft Excel and create a blank workbook.
    (4) Open the Excel add-ins manager: File tab –> options –> Add-ins, then press the “Go” button.
    (5) In the Excel add-ins manager, select the NumXL Toolbar from the list and click the browse button.
    (6) Browse and select the “NumXLUI.xlam” file in the Microsoft add-ins folder of your profile (see above).
    (7) The add-ins manager will prompt you to confirm replacing the existing NumXL Toolbar entry. Confirm the action.
    (8) Click the “OK” button to close the add-ins manager.

    The NumXL Toolbar should be visible now in Excel.
