Issue:
When trying to debug issues with the DLP endpoint and various applications, you want to see if the endpoint actually hooked to the application
Solution:
To check if the endpoint is hooked to a specific application, find the application process using the Task Manager and run the following command:
tasklist /m /fi "imagename eq someprogram.exe"
For example, to search for all modules currently attached to outlook, we would use:
tasklist /m /fi "imagename eq outlook.exe"
In the output, you should be looking for QIPCAP64.dll (or QIPCAP.dll for 32bit OS)
In addition, we can also view all attachments that the endpoint currently has, by issuing the following opposite command:
tasklist /FI "MODULES eq qipcap64.dll"
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article