
Detection for Encrypted Email attachments not working as expected


Article ID: 172164




Data Loss Prevention Network Prevent for Email


When monitoring for encrypted email attachments, DLP does not detect that an attachment is encrypted, so no incident is generated.

We have different encryption formats selected, but in doing some testing for Office 2016 (Word, Excel, PowerPoint) they aren't detected with these legacy formats.


File type is detected as Encrypted Office Open XML and not one of the three Microsoft file types:

  • Encrypted Legacy Microsoft Word
  • Encrypted Legacy Microsoft PowerPoint
  • Encrypted Legacy Microsoft Excel


DLP 14.6/15.x


This behavior is by design. DLP cannot open and inspect password-protected or encrypted files or attachments. To detect encrypted or password-protected Microsoft Office documents (Word, PowerPoint, Excel), use the Encrypted Office Open XML Encryption Format. Using this format provides the desired results for the Message Attachment or File Type Match Detection Rule.
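To confirm which container a test attachment really uses before tuning the policy, the following added example (not Symantec DLP code, and not a description of how DLP itself identifies files) classifies a file by its container. It assumes the MS-OFFCRYPTO layout, in which a password-protected OOXML document is stored as an OLE compound file holding EncryptionInfo and EncryptedPackage streams; the function names and the constructed sample buffer are hypothetical.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")            # OLE compound file signature
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """Directory entry names of a compound file (header DIFAT only: first 109 FAT sectors)."""
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):                              # 512- or 4096-byte sectors
        raise ValueError("unexpected sector shift")
    size = 1 << shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]   # sector 0 follows the header
    fat = []
    for s in struct.unpack_from("<109I", data, 76):       # header DIFAT lists the FAT sectors
        if s <= 0xFFFFFFFA:                               # skip FREESECT and other markers
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(s)))
    names, seen = [], set()
    sid = struct.unpack_from("<I", data, 48)[0]           # first directory sector
    while sid < len(fat) and sid not in seen:             # ends at ENDOFCHAIN or on a loop
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, size, 128):                   # 128-byte directory entries
            nlen, otype = struct.unpack_from("<HB", sec, off + 64)
            if otype and 2 <= nlen <= 64:                 # otype 0 = unused slot
                names.append(sec[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def classify(data):
    if data[:4] == b"PK\x03\x04":
        return "zip"                  # unencrypted OOXML is a plain ZIP package
    if data[:8] != CFB_MAGIC:
        return "unknown"
    try:
        names = set(cfb_entry_names(data))
    except (struct.error, ValueError):
        return "malformed-ole"
    if {"EncryptionInfo", "EncryptedPackage"} <= names:
        return "encrypted-ooxml"      # OOXML package wrapped per MS-OFFCRYPTO
    return "ole-other"                # any other compound file, e.g. legacy .doc/.xls/.ppt

def build_sample_cfb(stream_names):
    """Constructed test input: header + one FAT sector + one directory sector (max 3 streams)."""
    header = CFB_MAGIC + bytes(16) + struct.pack("<4H", 0x3E, 3, 0xFFFE, 9) + bytes(16)
    header += struct.pack("<I", 1) + bytes(24) + struct.pack("<109I", 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    entries = b"".join(
        (n + "\0").encode("utf-16-le").ljust(64, b"\0") + struct.pack("<HB", 2 * len(n) + 2, t) + bytes(61)
        for n, t in [("Root Entry", 5)] + [(s, 2) for s in stream_names])
    return header + fat + entries.ljust(512, b"\0")
```

Running classify() on the bytes of an Office 2016 test file saved with a password should return "encrypted-ooxml", which corresponds to the Encrypted Office Open XML format rather than the three legacy formats.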