DLP detection issue on Mac OS with Outlook
search cancel

DLP detection issue on Mac OS with Outlook


Article ID: 233134


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


  • You have deployed the DLP endpoint agent to your Mac OS machines and have deployed the required MDM profiles
  • In your test environment all is working well but, in production, incidents are not being generated for Outlook.
  • You have verified that the Symantec Outlook Add-in is present in Outlook
  • You have verified that there is a certificate called 'DLP Endpoint Addin Root Certification Authority' in the Keychain Access application
  • In the endpoint agent log files, even in FINEST mode, there is no detection attempt registered for Outlook at all when a test file is sent and no SEVERE or WARNING messages.


Release : 15.7 MP2+,15.8+ , Mac OS

Component : Endpoint, Outlook (16.30+)


  • The DLP Endpoint Addin Root Certification Authority that has been deployed in production is the one from the test environment agent package.
  • Agent certificates are unique to the Enforce server that generated the agent package. Certificates from one environment therefore will not work in another.


  • Ensure that the addin_truststore.pem file from the correct agent package is provided to the MDM profile management team as per Symantec documentation.
  • This file name corresponds to the entry 'DLP Endpoint Addin Root Certification Authority' which can be seen in the Mac's Keychain Access application under System entries (filter on DLP).

Additional Information

With DLP 16.0 you can now use custom 3rd party certificates.  Follow the link here for instructions.