Detection for Encrypted Email attachments not working as expected

book

Article ID: 184520

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

When monitoring for encrypted email attachments DLP is not detecting that an attachment is encrypted, thus no incident is generated. 

We have different encryption formats selected, but in doing some testing for Office 2016 (Word, Excel, Powerpoint) they aren't detected with these legacy formats.

Cause

File type detected as Encrypted Office Open XML and not one of the three Microsoft file types:

  • Encrypted Legacy Microsoft Word
  • Encrypted Legacy Microsoft PowerPoint
  • Encrypted Legacy Microsoft Excel

Environment

DLP 14.6/15.x

Resolution

When seeking to detect on encrypted/password protected Microsoft Office documents (Word, PowerPoint, Excel) use the Encrypted Office Open XML Encryption Format for desired results for the Message Attachment or File Type Match Detection Rule.