search cancel

Endpoint Encryption FlexResponse always encrypts *.exe files

book

Article ID: 174366

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

You have integrated Endpoint Encryption Removable Media Encryption (SEE-RME) and Data Loss Prevention (DLP) using FlexResponse and have a DLP rule that allows certain users to copy files to removable media without encryption.

However, when *.exe files are copied to removable media, they are still encrypted.

Environment

  • Symantec Data Loss Prevention 14.0 and above.
  • Symantec Endpoint Encryption Removable Media Encryption 11.3 and below.
  • Symantec Endpoint Encryption FlexResponse Plug-In.

Resolution

Upgrade to Endpoint Encryption 11.3 MP1 or above. In release 11.3 MP1 and above, executable files are encrypted according to DLP policy rules rather than always being encrypted.

If you cannot upgrade, to workaround this issue, create a new Removable Media Encryption policy that excludes *.exe files from being encrypted and apply this policy to the affected endpoints.