If you run the Outlook Client Sensor, the following message may pop up:
This may mean that:
- No AV is running on that computer
- The AV is outdated
- An internal system policy is in place
How to verify:
- Open the Outlook client
- Open Options / Trust Center / Trust Center Settings
- Click on Programmatic Access
- Check the AV Status:
  - If Invalid is shown, please check your antivirus
  - If Valid is shown, please ask the team that manages your client machines to set the following registry keys for the bot machine ONLY (this will disable the suspicious activity check on that client):
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security]
"CheckAdminSettings"=dword:00000001
"AdminSecurityMode"=dword:00000003
"PromptSimpleMAPISend"=dword:00000002
"PromptSimpleMAPINameResolve"=dword:00000002
"PromptSimpleMAPIOpenMessage"=dword:00000002
"PromptOOMCustomAction"=dword:00000002
"PromptOOMSend"=dword:00000002
"PromptOOMAddressBookAccess"=dword:00000002
"PromptOOMAddressInformationAccess"=dword:00000002
"PromptOOMMeetingTaskRequestResponse"=dword:00000002
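
To confirm that the values above are in place on the bot machine, and that they have not been rolled out to other clients, the key can be read back per user. The following PowerShell is an added example, not part of the original page or of the sensor; the function name Test-OutlookSecurityPolicy is a hypothetical helper, and the script only reads the registry.

```powershell
# Added example (not from the original page): read-only audit of the policy
# values listed above. Run it as the user whose HKCU hive should be checked.
$keyPath = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Security'

# Expected REG_DWORD values, copied from the page.
$expected = [ordered]@{
    CheckAdminSettings                 = 1
    AdminSecurityMode                  = 3
    PromptSimpleMAPISend               = 2
    PromptSimpleMAPINameResolve        = 2
    PromptSimpleMAPIOpenMessage        = 2
    PromptOOMCustomAction              = 2
    PromptOOMSend                      = 2
    PromptOOMAddressBookAccess         = 2
    PromptOOMAddressInformationAccess  = 2
    PromptOOMMeetingTaskRequestResponse = 2
}

# Test-OutlookSecurityPolicy is a hypothetical helper name used for this example.
function Test-OutlookSecurityPolicy {
    param([string]$Path, [System.Collections.IDictionary]$Values)
    # A missing key means no policy override exists for this user.
    $key = if (Test-Path -LiteralPath $Path) { Get-Item -LiteralPath $Path } else { $null }
    foreach ($name in $Values.Keys) {
        $actual = if ($key) { $key.GetValue($name, $null) } else { $null }
        $state = if ($null -eq $actual) {
            'NotSet'
        } elseif ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            'WrongType'   # e.g. the value was created as a string instead of a DWORD
        } elseif ($actual -ne $Values[$name]) {
            'Mismatch'
        } else {
            'Match'
        }
        [pscustomobject]@{ Name = $name; Expected = $Values[$name]; Actual = $actual; State = $state }
    }
}

$report = @(Test-OutlookSecurityPolicy -Path $keyPath -Values $expected)
$report | Format-Table -AutoSize
$present = @($report | Where-Object State -ne 'NotSet').Count
"{0}\{1}: {2} of {3} override values present" -f $env:COMPUTERNAME, $env:USERNAME, $present, $expected.Count
```

On the bot machine every row should read Match; on any other client, rows that are not NotSet indicate the override has spread beyond the bot machine.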