![\"\"](\"https:\/\/stevenwhiting.com\/blog\/wp-content\/uploads\/2019\/sysint\/thecaseoftheoddoutlookpopup\/0.png\")
<\/a>So I fire up Process\nMonitor and take a trace. Once I stop the capture I take a look. I assume it’s\na not registry issue so I filter all reg entries out.<\/p>\n\n\n\n
You can quickly do\nthis by just clicking the registry icon<\/p>\n\n\n\n This now filters out\nall the reg entries in the trace.<\/p>\n\n\n\n I then filter out\njust Outlook to see if there is anything obvious and see these entries.<\/p>\n\n\n\n I pick the first TCP\nentry and press CTRL+B to bookmark it. I then go and turn the Outlook filter\noff so all other entries reappear. I do this to see what is going on around\nthat time other than Outlook and I bookmark it in case I lose my place.<\/p>\n\n\n\n This reveals the app\nthat appears to be invoking this and causing the popup<\/p>\n\n\n\n The piece of Crapita (sorry I mean Capita https:\/\/en.wikipedia.org\/wiki\/Capita<\/a>) software appears to be reference the Outlook Object Library and then I see Outlook trying to connect to the exchange server. These all correspond with the pop-up. Speaking to the person who supported the Crapita app they discovered there was an issue on the server that was causing CapitaEVForms to do this. Once disabled the message stopped.<\/p>\n\n\n\n It appears if an\nexternal app attempts to invoke Outlook without permission or as in this case,\naccess the address book without being “Trusted” then Outlook pops up\na warning in case the access was malicious.<\/p>\n","protected":false},"excerpt":{"rendered":" Another old one from the XP days and I believe this was Outlook 2010. Two users would kept getting this Outlook popup every few minutes. Very helpful message “A program”. Would be good if it could report what program had … Continue reading <\/a><\/a>