When the product is configured properly for third-party add-ins, DLP Outlook add-in sets itself to bypass mode if the following Outlook add-in is installed and active. This issue can be caused due to misconfiguration of DLP and third-party for Outlook. Setting up third-party add-in for Outlook is a two-step configuration:
- In Policy Catalog, open the Windows Client Configuration. Select Settings, Operational Mode and Modules and verify that you selected the Activate 3rd Party Add-in Integration under Outlook Add-ins.
- In Settings, Email Protection, select the Vendor Name from the drop-down list in the Outlook 3rd Party Add-in Integration option.
If you misconfigure and skip selecting the vendor name for
Outlook 3rd Party Add-in Integration, multiple incidents get generated from the endpoint.
To verify that the third-party add-in and DLP add-in has scanned the email, see the block incidents in
HDLP_OThirdParty.log and
HDLP_Outlook.log logs.
HDLP_OThirdParty.log - This log file is generated only when third-party plug-ins are enabled for email protection. It contains details about the email scanned by third-party plug-ins:
[ERROR][OutlookEmailAnalyzerImp::analyzeEmailWithParam(1038)]> Third Party support: Third Party classification parameter: TLPropertyRoot=Titus;Classification=t_class_1;
[ERROR][OutlookEmailAnalyzerImp::analyzeEmailWithParam(1036)]> Third Party support: Start analyzing outgoing email
[INFO][OutlookEmailAnalyzerImp::handleEmail(1629)]> Received block operation from agent, blocking email send
Similar log entries can be found in
HDLP_Outlook.log:
[OINFO] [Outlook Probe] [MailInspector::HandleOutgoingEmail] Received block operation from agent, blocking email send