Hi,
we have applied the recommended HIPS policies for MS Office, and a few computers now regularly report that Outlook is trying to execute rundll32.exe. I haven't been able to find out why that is, doesn't seem to be an add-in or actual exploits.
Talked to someone whose PC reported it happening within five minutes and they said that all they've done was send an e-mail with an image attachment.
Is it possible to get more information from ESET about the blocked HIPS events, like the call parameters of (in this case) rundll32.exe?