Outlook Add-In and Incident Generation
Quite some time ago I found out that when the DLP Outlook Add-In gets disabled (manually or when in conflict with other Outlook Add-Ins doesn't matter), no incidents are being generated.
In fact, this means that any message sent through Outlook (2010) is completely (!!) bypassing the DLP agent.
We are using this feature as a response to display a warning or blocking message to our users as they are trying to send classified data via mail.
First, I thought the Add-In is used to only display these mentioned pop-ups. But it actually seems to provide the whole DLP functionality to Outlook (!!).
No Add-In = No DLP of mails sent through Outlook, even though the Agent and the service are active on the respective system.
Currently, we are using not the latest version of DLP (v11.0), but after reading the release notes of version 11.6 it seems this issue is not touched/solved/changed in any manner.
To me/us, this is actually quite a biggie and starts to raise quite some major concerns about the product.
I understand that this might not be the mostly reported issue and perhaps didn't even raise an incident at all. Bus as I think, this fact is not quite the way Symantec and - for sure - the customers want this feature to work, this needs to be looked at in a proper way.
If there is *any* possibility to make it impossible to deactivate the Add-In and therefor ensure the information chain is monitored, I would be absolutely greatful to know.
It even would help to know that this is an issue on the watchlist / waiting list to be solved, so this information can be passed to the management.
Any questions? Please don't hesitate to ask.