DLP Endpoint agent Office plug-ins tampered with

book

Article ID: 197699

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention

Issue/Introduction

Data Loss Prevention (DLP)
Endpoint Agent
Office plug-in

Getting warnings that Word, Excel, PowerPoint plugins are tampered after upgrading the endpoint agent to 15.7 GA.

The DLP Endpoint Office plug-ins are failing to load.
The endpoint logs show errors saying the plug-in is tampered with.

DLP Word plug-in is tampered with
DLP Excel plug-in is tampered with
DLP PowerPoint plug-in is tampered with

Cause

We have found the possible causes:

  • Office is set to only trust signed add-ins
  • GPO configuration.
  • A defective Office language pack was causing the DLP Endpoint Agent Office plug-ins to fail to load.

Environment

Release : 15.7

Component : Endpoint Agent Microsoft Office plug-ins

Windows 10 1909
Office 2016 32-bit

Resolution

If Office is set to only trust signed add-ins see this KB.

For the GPO configuration, we reproduced the issue using the GPO policy instructions mentioned in this link;
https://docs.microsoft.com/en-us/office365/troubleshoot/group-policy/office- add-in-not-loaded

The important point to note is that when the policy add-ins are set to a value of 2, the user will have the option to enable the add-ins.
Once the "Enable Content" button is pressed, all add-ins are set to "Active", not just the DLP add-ins.

 

For the defective Office language pack, we repaired the defective Office language pack.