[SOLVED] Outlook Classic + iCloud (Store App): "Malicious Code" error on Appointment Creation. MFCMAPI confirms standard IPM.Appointment class.

After extensive testing and confirming that neither 'Trust Center' settings nor 'Whitelisting' scripts solved the issue, I found the root cause:

The iCloud Form Region (the custom UI layer Apple injects into the Appointment window) contains code/ActiveX controls that trigger modern Outlook security blocks.

The Solution (Workaround): Instead of fighting the security block, you can simply disable the visual Form Region in the Registry. This forces Outlook to use its native/standard Appointment window (which loads instantly and safely) while keeping the iCloud Synchronization engine fully active in the background.

Steps to fix:

Close Outlook.

Open Registry Editor (regedit).

Navigate to the Form Regions key. Depending on your Windows/Office version (32-bit vs 64-bit), check both locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\FormRegions\IPM.Appointment

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Outlook\FormRegions\IPM.Appointment

Look for the key/value named Apple.DAV.Appointment.

Rename it to _Apple.DAV.Appointment (adding the underscore hides it from Outlook).

Restart Outlook.

Result:

No more 'Malicious Code' error when opening/creating iCloud appointments.

The window opens instantly (Native Outlook UI).

Synchronization to iPhone/iPad works perfectly.

Note: A future update of the iCloud for Windows app might recreate these keys. If the error returns, simply rename them again.

This looks like a generic AI-generated response.

I have already analyzed the Event Viewer (Event ID 32), as stated in my post.

Process Monitor is a generic tool; I am asking for specific knowledge regarding which GUIDs/CLSIDs are used by the iCloud Add-in appointment forms to whitelist them.

Please do not mark this as answered. I am waiting for a human engineer or MVP with knowledge of Outlook Form Regions security policies.

To trace the specific CLSID or GUID that Outlook is blocking, you can follow these steps:

1. Use Process Monitor: Download and run Process Monitor from Sysinternals. Set up a filter to capture events related to Outlook. Look for any entries that indicate a failure to load a specific COM object or ActiveX control when you attempt to create a new appointment.
2. Check Event Viewer: Since you already have Event ID 32 logged, look for any additional related events around the same timestamp that might provide more context or details about the blocked object.
3. Review the iCloud Add-in: Since the issue seems to stem from the iCloud COM Add-in, check if there are any updates or known issues with the version you are using. Sometimes, the add-in itself might have bugs that cause it to attempt to load unsupported components.
4. Registry Inspection: You can inspect the registry for any entries related to the iCloud add-in. Look under HKEY_CLASSES_ROOT and HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins for any CLSIDs or GUIDs associated with the iCloud add-in.
5. Debugging Tools: If you have access to Visual Studio or another debugging tool, you can attach it to the Outlook process to catch any exceptions or errors that occur when the appointment creation fails. This may give you insight into what specific object is being blocked.
6. Contact Support: If you are unable to identify the offending object, consider reaching out to Microsoft support or the iCloud support team for assistance. They may have additional tools or insights to help you diagnose the issue.

By following these steps, you should be able to identify the specific CLSID or GUID that is causing the security error when creating appointments in the iCloud calendar folder.