Detection is unable to crack password-protected MS Office documents


Article ID: 160202


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Monitor, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Network Discover, Data Loss Prevention Network Prevent for Web, Data Loss Prevention Network Protect, Data Loss Prevention Endpoint Discover

Issue/Introduction

When Symantec DLP tries to scan password-protected Microsoft Excel or Word files, it cannot crack these files for content-based detection, even though the files can be opened and viewed.

Resolution

The password protection in Microsoft Excel spreadsheets and Word documents is only intended to provide write protection.  Any user of Excel or Word may still view the contents.

Detection fails because the Content Extraction engine is unable to open the protected files.  This is not a bug in Content Extraction or in our product.  It is confusing to customers because the contents can be read in MS Word and Excel but cannot be cracked by Content Extraction.  Any "open" password-protected Excel or Word document is encrypted (as opposed to "modify" or "read only").  Microsoft decrypts the content to provide read-only access when you open the file; otherwise, you could open the document in Notepad and edit the text.  Encryption ensures that it is truly read-only.  Symantec DLP would need the password to support cracking for these files.

Please reference Enhancement Request PM-898.
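To identify the files that content extraction will not be able to read, a pre-scan check can look at the container: an OOXML file (.docx, .xlsx) encrypted with a password is stored as an OLE compound file holding EncryptionInfo and EncryptedPackage streams instead of as a ZIP package. The following is an added example, not Symantec code; the function names and return labels are hypothetical, and the sample file is constructed.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE compound file signature

def cfb_entry_names(data):
    """Directory entry names of a compound file (header DIFAT only, so roughly the first 7 MB)."""
    shift, = struct.unpack_from("<H", data, 30)          # sector shift: 9 (v3) or 12 (v4)
    if shift not in (9, 12):
        raise struct.error("unexpected sector shift")
    size = 1 << shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []
    for fat_sector in struct.unpack_from("<109I", data, 76):
        if fat_sector <= 0xFFFFFFFA:                     # skip free/special markers
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(fat_sector)))
    names, seen = [], set()
    current, = struct.unpack_from("<I", data, 48)        # first directory sector
    while current < len(fat) and current not in seen:    # ends at end-of-chain or on a loop
        seen.add(current)
        chunk = sector(current)
        for off in range(0, len(chunk) - 127, 128):      # 128-byte directory entries
            name_len, = struct.unpack_from("<H", chunk, off + 64)
            if 2 <= name_len <= 64:
                names.append(chunk[off:off + name_len - 2].decode("utf-16-le", "replace"))
        current = fat[current]
    return names

def classify_container(data):
    """Return how the file is packaged, which decides whether text can be extracted."""
    if data[:4] == b"PK\x03\x04":
        return "zip"                  # unencrypted OOXML is a plain ZIP package
    if data[:8] != CFB_MAGIC:
        return "other"
    try:
        names = cfb_entry_names(data)
    except struct.error:
        return "cfb-unparsed"         # truncated or malformed header/sectors
    if "EncryptedPackage" in names and "EncryptionInfo" in names:
        return "encrypted-ooxml"      # extraction needs the password
    return "cfb"                      # legacy .doc/.xls etc.; their own encryption is not checked

def build_sample_cfb(names):
    """Constructed sample: minimal v3 compound file, sector 0 = FAT, sector 1 = directory."""
    free = [0xFFFFFFFF]
    header = struct.pack("<8s16x4H12x2I24x109I", CFB_MAGIC, 0x3E, 3, 0xFFFE, 9, 1, 1, 0, *(free * 108))
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *(free * 126))   # FAT sector, end of chain, free
    directory = b"".join(
        struct.pack("<64sH62x", n.encode("utf-16-le"), 2 * len(n) + 2) for n in names)
    return header + fat + directory.ljust(512, b"\0")
```

Files classified as `encrypted-ooxml` can be routed to a policy that does not depend on content matching.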