If you are a user of Microsoft Outlook then you may have noticed alert messages or popups sometimes when you are opening your emails.

An example of this can occur if a sender has sent you an email with a modified signature. They may have used a “.vbs” script that changed the signature in Outlook. Unintentionally the receiver will get a popup message warning about an attempt being made to access their email address information stored in Outlook.
 
“A program is trying to access e-mail address information stored in Outlook. If this is unexpected, click Deny and verify your antivirus software is up-to-date. For more information about e-mail safety and how you might be able to avoid getting this warning, click help.”

Most users will not get this popup warning message but others might receive it based on their security policy.

It is possible to disable “Programmatic Access Security” from the group policy but this will still not disallow the popup message from happening. As it turns out, just performing an update to your anti-virus software can prevent the warning message from being displayed when you receive this harmless modified signature.

There are other emails that can trigger these popup messages that warn of potential security breaches. For example, developers of Outlook add-ins or applications that interact with Microsoft Outlook, can sometimes inadvertently trigger popups or alerts.

When important Outlook objects such as address book or mail items are accessed this can cause the Outlook Object Model Guard to popup warnings like “A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this? If this is unexpected, it may be a virus and you should choose No”. This can also produce a similar warning about your key Contacts list being accessed. These key items include properties and methods that are protected by security settings which cause these warning messages to popup when actions occur which look like security break-ins.

There are companies which provide code for developers that will enable or disable security settings for Outlook objects (in the Outlook Object Model), Collaboration Data Objects (CDO) and Simple MAPI. This code can be included to disable the security setting before accessing a protected object and then called again to turn it back on.

So when your company purchases add-ins to Outlook or other email programs it is always a good check off item during evaluations to ask if warning messages can be turned on or off by the users or administrators.