Issue:


When debugging issues between the DLP endpoint and various applications, you want to confirm that the endpoint has actually hooked the application.



Solution:


To check if the endpoint is hooked to a specific application, find the application process using the Task Manager and run the following command:

tasklist /m /fi "imagename eq someprogram.exe"

For example, to list all modules currently loaded in Outlook, use:

tasklist /m /fi "imagename eq outlook.exe"

In the output, look for QIPCAP64.dll (or QIPCAP.dll on a 32-bit OS).

In addition, you can list every process the endpoint is currently attached to by running the reverse query, which filters on the module instead of the image name:

tasklist /FI "MODULES eq qipcap64.dll"
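
To run the per-application check against several programs at once, the following PowerShell wrapper around the same tasklist query reports the hook state per process ID. It is an added example, not part of the original article or the vendor's tooling; the application list in $Apps is hypothetical, and the script assumes tasklist's CSV output has three fields (image name, PID, comma-separated module list).

```powershell
# Added example: report whether the DLP endpoint module is loaded in each listed application.
# $Apps is a hypothetical list; replace it with the applications under investigation.
$Apps       = 'outlook.exe', 'chrome.exe', 'winword.exe'
$HookModule = '^QIPCAP(64)?\.dll$'   # module names given in the article (match is case-insensitive)

$results = foreach ($app in $Apps) {
    # Same query as the article, with CSV output and no header row so it can be parsed.
    $raw = tasklist /m /fi "imagename eq $app" /fo csv /nh 2>$null

    # tasklist prints an "INFO:" line instead of CSV when no process matches the filter.
    $rows = $raw | Where-Object { $_ -like '"*' } |
            ConvertFrom-Csv -Header Image, ProcessId, Modules

    if (-not $rows) {
        [pscustomobject]@{ Image = $app; ProcessId = $null; Hooked = $null; Note = 'not running' }
        continue
    }

    # One row per process: multi-process applications can be hooked in some PIDs and not others.
    foreach ($row in $rows) {
        $hit = $row.Modules -split ',' |
               ForEach-Object { $_.Trim() } |
               Where-Object { $_ -match $HookModule }

        [pscustomobject]@{
            Image     = $row.Image
            ProcessId = $row.ProcessId
            Hooked    = [bool]$hit
            # tasklist shows N/A when it cannot read a process's module list,
            # so a missing match is not proof that the endpoint is absent.
            Note      = if ($hit) { $hit -join ',' } else { 'module not listed (or N/A)' }
        }
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated prompt so that tasklist can read the module list of processes owned by other users.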