In Symantec Data Loss Prevention Endpoint Prevent there is a policy is set to create an incident on any document being sent that is unencrypted.

When you email an encrypted xls file that contains an unencrypted attachment, an incident is created stating that the file is not encrypted

Observed in Release: 15.1, & 15.5 MP2, but is likely to occur on any version.

Component :

The older xls file format keeps large chunks of metadata unencrypted and DLP picks up on this

Use the newer xlsx file format which will fully encrypt the entire document and its contents.