One of a Data Protection rule is configured to block the email if some specific file types are attached within that email.  The article describes why the .zip file and other archive types (ie: .rar) are not included in blocked file type list and how identify the attached zip file content.

Email security cloud

Data Protection

The service uses decompression tools which attempt to analyse a compressed file and open it if possible, this is used by the Anti-malware, Anti-spam, Cynic (Sandbox), Data Protection modules.

If the file is password protected, Email Security.cloud is unable to scan the contents of zip file. In this situation however, we'll check if a password is present in the email and attempt to open the file.

If the file is not password protected Email Security.cloud will scan it, should there be any suspicious content within the file it will be blocked.

How to identify the Zip file's content

You needy to enable the below option:

Data Protection > Settings > Reporting, select "Show matched content on reports," and "Show surrounding text on reports."

Once turned on, ensure you wait approximately 1+ hour for propagation and then run the report. The column "Matched Content" will show what in the email triggered the policy.

If the steps described above, please open a support case.