5604 - 'MIP file type detection failed' events appear in console after upgrade to 15.8
search cancel

5604 - 'MIP file type detection failed' events appear in console after upgrade to 15.8


Article ID: 214822


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Prevent for Email


  • Since upgrading to DLP 15.8 you have received occasional event alerts in the Enforce console of the type 5604 - MIP file type detection failed 
    • The event alert includes the message "The file has been protected using non RMS technologies"
  • You do not have MIP configured in your environment


Release : 15.8

Component : Network Prevent for Email/Web/Endpoint


The error happens with password-protected MS Office documents. We use the MIP plugin to do some file type analysis and it is returning an error, in this case, that we should be ignoring. After this, our code will use other plugins to determine the file type, and these files will be correctly identified by those plugins despite this error. This is new in 15.8 because we added in some metric collection on various errors during detection and this is one of the included errors


The event can be ignored; this has been resolved in DLP 16.0.



This issue can be worked-around by disabling the MIP plugin on the Detection Server. This is done by editing the MIP plugin's manifest.xml file

(\Program Files\Symantec\DataLossPrevention\ContentExtractionService\15.8.00000\Plugins\Protect\plugins\contentextraction\MicrosoftInformationProtectionPlugin\manifest.xml)

and changing the text disabled="false" to disabled="true" and restarting the Detection Server.

This, of course, will also disable the Detection Server's MIP support.