search cancel

Symantec Encryption Desktop allows Self-Decrypting Archives to be created despite being disabled in Consumer Policy

book

Article ID: 162961

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Powered by PGP Technology

Issue/Introduction

One of the Symantec Encryption Desktop Consumer Policy settings in Symantec Encryption Management Server is the following:

Allow conventional encryption and self-decrypting archives

If users create Self-Decrypting archives, there is a risk that users may forget the password with no means of recovery and therefore some organizations will wish to disable this feature.

Although this policy prevents users from creating password-protected PGP Zip archives as intended, it does not prevent users from creating self-decrypting archives.

 

Resolution

This issue is resolved in Symantec Encryption Desktop 10.3.2 MP12. Beginning with this release, when the Allow conventional encryption and self-decrypting archives policy is disabled, users cannot create either password protected or self-decrypting PGP Zip archives.