ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Discover scans of MSG or EML files results in duplicate incidents


Article ID: 160238


Updated On:


Data Loss Prevention Network Discover


Discover decomposes MSG, EML files into two files (MSG and MAIL).


Relevant versions:  6.0 and above

Discover scans of .msg, .eml files results in duplicate incidents that have the exact same ID and content.

The root cause is a known bug reported in PROTECT-6717 (Etrack 1309882; 1309883; 1309884), which causes .msg (.eml) messages to decompose into .msg (.eml) and .MAIL files. This results in duplicate scanning of the content.

This happens both at scanning a *.msg, *.eml file on a file system and during a PST scanning.