DLP Endpoint agent Office plug-ins tampered with
search cancel

DLP Endpoint agent Office plug-ins tampered with


Article ID: 197699


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


Data Loss Prevention (DLP)
Endpoint Agent
Office plug-in

Getting warnings that Word, Excel, PowerPoint plugins are tampered after upgrading the endpoint agent to 15.7 GA.

The DLP Endpoint Office plug-ins are failing to load.
The endpoint logs show errors saying the plug-in is tampered with.

DLP Word plug-in is tampered with
DLP Excel plug-in is tampered with
DLP PowerPoint plug-in is tampered with


Release : 15.7, 15.8 

Component : Endpoint Agent Microsoft Office plug-ins

Windows 10 1909
Office 2016 32-bit


Possible causes:

  • Office is set to only trust signed add-ins
  • GPO configuration.
  • A defective Office language pack was causing the DLP Endpoint Agent Office plug-ins to fail to load.


If Office is set to only trust signed add-ins see this KB. (How to export DLP Office add-in certificate and distribute via GPO)

For the GPO configuration, we reproduced the issue using the GPO policy instructions mentioned in this link;
https://docs.microsoft.com/en-us/office365/troubleshoot/group-policy/office- add-in-not-loaded

The important point to note is that when the policy add-ins are set to a value of 2, the user will have the option to enable the add-ins.
Once the "Enable Content" button is pressed, all add-ins are set to "Active", not just the DLP add-ins.


For the defective Office language pack, repair the defective Office language pack.