DLP Endpoint agent Office plug-ins tampered with
Article ID: 197699
Updated On:
Products
Issue/Introduction
Data Loss Prevention (DLP)
Endpoint Agent
Office plug-in
Getting warnings that Word, Excel, PowerPoint plugins are tampered after upgrading the endpoint agent to 15.7 GA.
The DLP Endpoint Office plug-ins are failing to load.
The endpoint logs show errors saying the plug-in is tampered with.
DLP Word plug-in is tampered with
DLP Excel plug-in is tampered with
DLP PowerPoint plug-in is tampered with
Environment
Release : 15.7, 15.8, 16.0
Component : Endpoint Agent Microsoft Office plug-ins
Windows 10 1909
Office 2016 32-bit
Cause
Possible causes:
- Office is set to only trust signed add-ins
- GPO configuration.
- A defective Office language pack was causing the DLP Endpoint Agent Office plug-ins to fail to load.
Resolution
If Office is set to only trust signed add-ins see this KB. (How to export DLP Office add-in certificate and distribute via GPO)
For the GPO configuration, we reproduced the issue using the GPO policy instructions mentioned in this link:
https://docs.microsoft.com/en-us/office365/troubleshoot/group-policy/office- add-in-not-loaded
The important point to note is that when the policy add-ins are set to a value of 2, the user will have the option to enable the add-ins.
Once the "Enable Content" button is pressed, all add-ins are set to "Active", not just the DLP add-ins.
For the defective Office language pack, repair the defective Office language pack.
Feedback
