If you run the Outlook Client Sensor, the following message could pop up:

It indicates that either no AV is running on that computer, or the AV is outdated, or an internal system policy is in place.

How to verify?

  • Open Outlook Client
  • Open Options / Trust Center / Trust Center Settings
  • Click on "Programmatic Access"
  • Check the AV Status
    • If "Invalid" is shown, please check your AV.
    • If "Valid" is shown, please ask the team responsible for your client machines to set the following registry keys for the Bot machine ONLY (this will disable the suspicious activity check on that client):

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security]

"CheckAdminSettings"=dword:00000001
"AdminSecurityMode"=dword:00000003
"PromptSimpleMAPISend"=dword:00000002
"PromptSimpleMAPINameResolve"=dword:00000002
"PromptSimpleMAPIOpenMessage"=dword:00000002
"PromptOOMCustomAction"=dword:00000002
"PromptOOMSend"=dword:00000002
"PromptOOMAddressBookAccess"=dword:00000002
"PromptOOMAddressInformationAccess"=dword:00000002
"PromptOOMMeetingTaskRequestResponse"=dword:00000002
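
Because these values switch off Outlook's programmatic access prompts, it is worth checking that they exist on the Bot machine only. The following Python code is an added example, not part of the original article: it parses a .reg export of the key above (already decoded to text) and lists the Prompt* values set to automatically approve. The function names and the two sample exports are constructed; the value meanings in the comments follow Microsoft's Outlook security policy documentation.

```python
import re

# Prompt* values: 0 = automatically deny, 1 = prompt user,
# 2 = automatically approve (the programmatic access prompt is suppressed).
AUTO_APPROVE = 2
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
SEC_KEY_RE = re.compile(  # any Office version, not just 16.0
    r"\\Software\\Policies\\Microsoft\\Office\\[\d.]+\\Outlook\\Security$", re.I)

# Constructed sample exports (not taken from a real machine).
BOT_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security]
"CheckAdminSettings"=dword:00000001
"AdminSecurityMode"=dword:00000003
"PromptOOMSend"=dword:00000002
"PromptOOMAddressBookAccess"=dword:00000002
'''
WORKSTATION_EXPORT = r'''[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security]
"PromptOOMSend"=dword:00000001
'''


def parse_reg(text):
    """Parse the dword values of a .reg export into {key: {name: int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = int(m.group("hex"), 16)
    return keys


def audit(text):
    """Return (AdminSecurityMode or None, sorted auto-approved Prompt* names)."""
    mode, relaxed = None, set()
    for key, values in parse_reg(text).items():
        if not SEC_KEY_RE.search(key):
            continue
        mode = values.get("AdminSecurityMode", mode)  # 3 = use Group Policy settings
        relaxed.update(n for n, v in values.items()
                       if n.startswith("Prompt") and v == AUTO_APPROVE)
    return mode, sorted(relaxed)
```

A non-empty list together with mode 3 on any machine other than the Bot machine means the relaxation has spread beyond its intended scope.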