search cancel

Endpoint Encryption FlexResponse always encrypts *.exe files


Article ID: 174366


Updated On:


Endpoint Encryption


You have integrated Endpoint Encryption Removable Media Encryption (SEE-RME) and Data Loss Prevention (DLP) using FlexResponse and have a DLP rule that allows certain users to copy files to removable media without encryption.

However, when *.exe files are copied to removable media, they are still encrypted.


  • Symantec Data Loss Prevention 14.0 and above.
  • Symantec Endpoint Encryption Removable Media Encryption 11.3 and below.
  • Symantec Endpoint Encryption FlexResponse Plug-In.


Upgrade to Endpoint Encryption 11.3 MP1 or above. In release 11.3 MP1 and above, executable files are encrypted according to DLP policy rules rather than always being encrypted.

If you cannot upgrade, to workaround this issue, create a new Removable Media Encryption policy that excludes *.exe files from being encrypted and apply this policy to the affected endpoints.