How to detect password protected zip and pdf files with the Endpoint Prevent Agent.

book

Article ID: 159966

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

As a DLP Admin, how can I detect password protected files, like zip and pdf, at the Endpoint?

Cause

Encrypted file-type detection, by default, is performed by the Endpoint Server.

Resolution

Available Workaround:

Utilize a 'Custom File Type' signature to detect password protect .zip files on the Endpoint Server and Endpoint Agent.

Reference: Symantec Data Loss Prevention Detection Customization Guide 14.0