Upgrades to Data Loss Prevention 15.5 incorrectly replace .doc, .xls, and .ppt MIME types with Open XML MIME types

book

Article ID: 185110

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

This technote replaces a previous alert (ALERT2690) for DLP.

Cause

The upgrade process to Data Loss Prevention 15.5 incorrectly applies a wild card replacement of .doc, .xls, and .ppt MIME types to Open XML MIME types.

This wild card replacement results in the following changes:

  • docuworks MIME type is changed to docxuworks (this results in a red error banner when editing some policies)
  • encrypted_doc MIME type is changed to encrypted_doc, docx (an additional MIME type)
  • encrypted_xls is changed to encrypted_xls, xlsx (an additional MIME type)
  • encrypted _ppt is changed to encyrpted_ppt, pptx (an additional MIME type)

The additional MIME types for policy conditions can cause false negatives. They can also cause data loss for policy exceptions.

Environment

DLP systems upgraded to 15.5

Resolution

To address this issue, see the Knowledgebase article, "Red banner when editing some policies after upgrading to 15.5," and follow the workaround provided in the article.

The issue is fixed in 15.5 MP1.