All / most of my users are getting a pop up that Callercheck exploit was prevented in Outlook

Question

We are using Outlook 2016 (365) and getting widespread 'CallerCheck exploit prevented in Microsoft Outlook.' 
 How do I determine if this is outlook or a 3rd party plugin. We all have one plugin in particular, from Newforma. 
 Please advise! 
 Thanks, 
 Phil

David Reed · Answer

Sophos have made some changes and now our Outlook add-in no longer triggers the CallerCheck exploit with Outlook.exe. Instead, the Outlook add-in executable itself now triggers a Lockdown exploit. We have added this to our global scanning exclusions list and we no longer get any problems even after installing the latest Windows updates.

David Reed · Answer

We had a reply back from Sophos last week saying "We have received an update from the development team that the issue is fixed with a minor update recently released by us". We removed all entries from the global exclusion list and sure enough the problem was fixed. We were also getting a "Lockdown" vulnerability detected for a while for the same Outlook Add-In. This is no longer being triggered either even with all the latest Windows updates applied. 
 It took them 2 months but we got there in the end.

All / most of my users are getting a pop up that Callercheck exploit was prevented in Outlook

Submitted a Tech Support Case lately from the Support Portal?