ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Detection for Encrypted Email attachments not working as expected

book

Article ID: 172164

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Monitoring for encrypted email attachments DLP does not detect that an attachment is encrypted, thus no incident is generated. 

We have different encryption formats selected, but in doing some testing for Office 2016 (Word, Excel, PowerPoint) they aren't detected with these legacy formats.

Cause

File type is detected as Encrypted Office Open XML and not one of the three Microsoft file types:

  • Encrypted Legacy Microsoft Word
  • Encrypted Legacy Microsoft PowerPoint
  • Encrypted Legacy Microsoft Excel

Environment

DLP 14.6/15.x

Resolution

This behavior is by design. DLP is not able to open and inspect password protected\encrypted files or attachments. When seeking to detect on encrypted or password protected Microsoft Office documents (Word, PowerPoint, Excel) use the Encrypted Office Open XML Encryption Format. Using this format provides desired results for the Message Attachment or File Type Match Detection Rule.