Data Loss Prevention

 View Only

  • 1.  DLP Add-In crashes Outlook 2010

    Posted Dec 07, 2011 09:16 AM

    Hi everybody

    After installing a renewed S/MIME-Certificate in Outlook 2010, i recently encountered the following issue:

    When trying to send an encrypted mail, Outlook crashes. The error Messages you can find attached.
    The mentioned Add-In "outlook2k3 addin" corresponds to otlk.dll and is located in the DLP-Agent's install directory.
    If sending a mail signed only, there is absolutely no problem. It only occurs when trying to send encrypted mails.

    It is obvious that, when the corresponding Add-In gets deactivated, Outlook can send encrypted mails again.
    Does this issue come from the fact that the DLP agent can not scan encrypted content of mails and ... freaks out?
    As workaround, I have deactivated the Add-In for the affected users. I am guessing that now there will be no more monitoring of these client's Outlook anymore. Is this assumption correct?
    I don't want to put this workaround in place as a state-of-the-art solution for this issue. So there needs to be another solution.

    Anyone has expierienced this issue as well?
    Does there exist a fix for this?

    If you need further information, I'll try to provide more of it.

    Cheers from Switzerland



  • 2.  RE: DLP Add-In crashes Outlook 2010

    Broadcom Employee
    Posted Dec 11, 2011 09:55 PM

    Here are the steps suggested:

    1. Check if the crash\hang is reproducible without the Endpoint Agent.
    2. Turn off the mail monitoring feature, and observe if the hang\crash is reproducible, this would ensure if the crash\hang is related.
    3. Execute "tasklist /v" and save the output
    4. When Outlook crashes or hangs verify if the following registry entries are present
      1. Click Start, and then click Run.
      2. Type regedit, and then click OK.
      3. Elevate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin.1]
      4. Check if the following entries are present.
        1. "FileName"="otlk.dll"
        2. "FriendlyName"="Outlook2K3 Addin"
        3. "Description"="ATLCOM Outlook Addin"
        4. "CommandLineSafe"=dword: 00000000
        5. "LoadBehavior"=dword: 00000003
    5. Export the following registry details, which would help in diagnosing the crash.  This contains the details of the add-ins disabled by Outlook, because they had crashed Outlook.
      1. Click Start, and then click Run.
      2. Type regedit, and then click OK.
      3. Elevate to [HKEY_CURRENT_USER\Software\Microsoft\Office\[11.0]\Outlook\Resiliency\DisabledItems] where 11.0 is the version.
      4. Right click -> Export -> Specify a file name and location.
    6. Get the dump of the Outlook process.  One can use Windbg or Dr. Watson for generating the dump.

      Attach WinDbg to Outlook and create a dump file by executing ".dump /ma c:\outlook.dmp" in WinDbg.

      Attach WinDbg to Edpa.exe and create a dump file by executing ".dump /ma c:\edpa.dmp" in WinDbg.