ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Outlook crashes when attempting to send a Shared Link attachment

book

Article ID: 172551

calendar_today

Updated On:

Products

Endpoint Protection Data Loss Prevention Endpoint Prevent

Issue/Introduction

You find that Outlook, either as part of Microsoft's cloud-based Office 365 offering or the stand-alone Office 2016, crashes when the Symantec Endpoint Protection (SEP) or Data Loss Prevention (DLP) Outlook add-in is enabled. More specifically, the issue occurs when you attempt to send a message that includes a Shared Link attachment, in a manner similar to the following:

  1. Open Outlook.
  2. Click the New Email button.
  3. Enter yourself as the receiver and Test as the subject.
  4. Click Attach File > Browse Web Locations > OneDrive or Group Files.
  5. Browse to the file to be added and double-click it.
  6. In the How do you want to attach this file? pop-up window, click the Share Link button.
  7. When the file has been attached, click the Send button.

The following two events, with sources Application Error and Outlook, respectively, both with event ID 1000 are logged in the Windows Application log:

Faulting application name: OUTLOOK.EXE, version: 16.0.9126.2275, time stamp: 0x5b637186
Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5b2f3d24
Exception code: 0x011c6784
Fault offset: 0x0015480b
Faulting process id: 0x9fc
Faulting application start time: 0x01d44c36665cf4a3
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll
Report Id: eea9b3c8-b829-11e8-982f-0205857feb80

and

Add-in execution error. Outlook crashed during the 'ItemSend' callback of the 'ApplicationEvents' interface while calling into the 'Outlook Addin' add-in.

The dump, when analyzed using the Windows Debugger, shows a stack text similar to the following (if the DLP add-in is active, otlk will replace SEPOutlookAddin in the output below):

00 00000075`fcaf8fb0 00007ff6`376e5ed2 mso20win32client!Ordinal2055+0x43
01 00000075`fcaf9000 00007ff6`365a3cd0 OUTLOOK!HrFixupMessagePropsSimple+0x144602
02 00000075`fcaf90a0 00007ff6`365a3787 OUTLOOK!StdCoCreateInstance+0x7750
03 00000075`fcaf9200 00007ff6`36636be6 OUTLOOK!StdCoCreateInstance+0x7207
04 00000075`fcaf9310 00007ff6`36637c01 OUTLOOK!GetMsoInst+0x28c6
05 00000075`fcaf93b0 00007ff6`36637f5c OUTLOOK!GetMsoInst+0x38e1
06 00000075`fcaf9620 00007ff6`3753b271 OUTLOOK!GetMsoInst+0x3c3c
07 00000075`fcaf9670 00000000`509f442b OUTLOOK!HrAddRecipientsToNickNameCache+0x6f441
08 00000075`fcaf96c0 00000000`509f34bb SEPOutlookAddin+0x3b 
09 00000075`fcaf9700 00000000`509eadf7 SEPOutlookAddin+0xfb
[...]

Mso20win32client.dll is a shared Office 2016 library.

Environment

  • Outlook (Office 365) version 1801 to 1804
  • Outlook (Office 2016)
  • Symantec Endpoint Protection
  • Data Loss Prevention

Resolution

Our internal investigation eventually showed that the September 11, 2018 Monthly and Semi-Annual (Targeted) channels' version 1808 (build 16.0.10730.20102) resolved the issue. Microsoft would later affirm the issue, as well as that it had been fixed in build 16.0.9231.1000, specifically. Hence, the issue should no longer be present in build 16.0.9330.x (version 1805) or higher. Please contact Microsoft if you should have any further queries in relation to their issue.