RMS encrypted standard text file is not detected by DLP
search cancel

RMS encrypted standard text file is not detected by DLP

book

Article ID: 184581

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

RMS encrypted standard text file is not detected by Data Loss Prevention (DLP).

Environment

DLP 14.x, 15.x, Windows 10

Cause

This is expected behavior as the default detection for RMS Encryption is for 

  • Microsoft RMS Encrypted Office Binary File
  • Microsoft RMS Encrypted Open Packaging Conventions File

Resolution

You can create a custom file type to detect the RMS text file encryption: 

You can use the code below to create the custom file detection type: 

 

$pfileTag=ascii('.pfile');

$pfileBytes=getBinaryValueAt($data, 0x0,6);

assertTrue($pfileTag==$pfileBytes);

 

 

Powered by Wolken Software