StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

OST viewer

Have used before. It’s very good and free.

https://www.nucleustechnologies.com/ost-viewer.html

Adverts

UPDATE – I’ve changed the Amazon links to point to the Smile charity Amazon links instead so I don’t get anything but a charity will. More info about Smile Amazon here https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=202035970

Sorry about the adverts. I needed to put them on to try and fund the site. Feel free to put an adblock on if you wish. I’d rather you didn’t as would help with the hosting fees (which have gone up) but I understand if you wish to disable them.

If you’d like to donate, I’d be grateful 🙂

PayPal Donation. Fanks :o)

https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

The nice people at my hosting helped me fixed this, Krystal. As I thought it might be an issue at their end but turns out it wasn’t. Most other providers wouldn’t of bothered fixing this as it was my issue, not theirs.

It was a rogue plugin. Rename the plugin folder on your WordPress via FTP or Cpanel. Then you should be able to get into admin. Rename plugin back to what it was which should bring back all plugins but they will be disabled. Then turn them on, one by one, till you find the one causing the issue.

Bad Behaviour was the one causing this. I note it hasn’t been update for months and not tested with the version of WordPress I’m on so I’ve left it disabled.

Run CMD as admin and just type as follows

REG ADD “HKLM\SOFTWARE\Policies\Google\Chrome” /v IncognitoModeAvailability /t REG_DWORD /d 00000002

Other interesting reg settings


https://www.chromium.org/administrators/policy-list-3

uninstall-adddomaincontroller -lastdomaincontrollerindomain -removeapplicationpartitions

This will still fail if you have the box ticked in AD that protects the object from deletion.

Another old one from the XP days and I believe this was Outlook 2010.

Two users would kept getting this Outlook popup every few minutes. Very helpful message “A program”. Would be good if it could report what program had invoked it.

Outlook Message

So I fire up Process Monitor and take a trace. Once I stop the capture I take a look. I assume it’s a not registry issue so I filter all reg entries out.

You can quickly do this by just clicking the registry icon

Filter buttons

This now filters out all the reg entries in the trace.

I then filter out just Outlook to see if there is anything obvious and see these entries.

Outlook filtered

I pick the first TCP entry and press CTRL+B to bookmark it. I then go and turn the Outlook filter off so all other entries reappear. I do this to see what is going on around that time other than Outlook and I bookmark it in case I lose my place.

This reveals the app that appears to be invoking this and causing the popup

More filters

The piece of Crapita (sorry I mean Capita https://en.wikipedia.org/wiki/Capita) software appears to be reference the Outlook Object Library and then I see Outlook trying to connect to the exchange server. These all correspond with the pop-up. Speaking to the person who supported the Crapita app they discovered there was an issue on the server that was causing CapitaEVForms to do this. Once disabled the message stopped.

It appears if an external app attempts to invoke Outlook without permission or as in this case, access the address book without being “Trusted” then Outlook pops up a warning in case the access was malicious.