We are unable to detect additional content in original files (like email attachments) added via ADS (Alternate Data Streams) for NTFS file systems either on the Endpoint Agent or Detection server. 

Component : Default-Sym

Not currently supported.

Currently the ability to do detection on Alternate Data Streams is not supported in DLP, we do however have open feature requests as follows to add this functionality in the future: 

PM-1217 - Detection - Alternate data streams coverage
Description: Ability to scan the contents of alternative data streams on NTFS.

ISFR-503 - DLP Detection - DLP: Read Alternate Data Stream Tags & XMP Tags
Description: DLP should be able to read content on files via Alternate Data Stream(ADS) and XMP.

If you would like to endorse this request please contact Broadcom DLP Technical Support.