[Forcepoint] [DLP] How to check if the DLP endpoint is hooking to an application

Modified on Sun, 16 Jan, 2022 at 4:05 PM

Issue:


When trying to debug issues with the DLP endpoint and various applications, you want to see if the endpoint actually hooked to the application



Solution:


To check if the endpoint is hooked to a specific application, find the application process using the Task Manager and run the following command:

tasklist /m /fi "imagename eq someprogram.exe"

For example, to search for all modules currently attached to outlook, we would use:

tasklist /m /fi "imagename eq outlook.exe"

In the output, you should be looking for QIPCAP64.dll (or QIPCAP.dll for 32bit OS)

In addition, we can also view all attachments that the endpoint currently has, by issuing the following opposite command:

tasklist /FI "MODULES eq qipcap64.dll"


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article