PGP Offline Policy: Messages Blocked in Outlook if the PGP Client cannot reach the PGP Server
search cancel

PGP Offline Policy: Messages Blocked in Outlook if the PGP Client cannot reach the PGP Server


Article ID: 248101


Updated On:


Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


There may be times when the Symantec Encryption Desktop (PGP Desktop) client is unable to reach the Symantec Encryption Management Server (PGP server).  When this happens, the emails may be blocked and may not be able to send. 


This is normal behavior.  The PGP software is designed to take action even if the client is offline.  When the client is offline, there are policies that get executed so the client will behave in a certain way that you desire.


When this happens, the first thing to look at is the PGP server.  The PGP server is what will manage all these policies.

Open the Consumer Policy in question and then navigate to the Messaging and Keys tab: 

Notice on the bottom where it says "Mail Policy: Standalone".  From here, you can select a Mail Policy Chain you would like invoked when the PGP desktop client is unable to reach the PGP server.

For example, if you are trying to send an email, and the PGP client is installed, by default, these messages will block to ensure sensitive information is not sent.


Go to the Mail policies on the PGP server and review what you have there.  By default, you'll see a "Default: Standalone" chain.  Click it to show the policies:

The following rules will be seen in the chain by default:

When you click on each of these rules, you will notice the behavior that will be executed when the PGP Desktop client can't reach the PGP server and under the specific conditions you specify.

The default will block the emails.  Especially when you are clicking the Encrypt/Sign buttons, you can see the results here will block when a key cannot be found:

You can add your own rules and have them perform the actions that will suit your business needs.  For example, if the PGP Desktop client is offline, and you like the default behavior of blocking emails, but you would like to allow some emails to be sent using a special subject, you could create a rule similar to the following:

For example, in the screenshot above, you can see when the subject "[NoEncrypt]" is used, the action is to "Send clear", or unencrypted.  This rule can be associated to the Standalone policy.


Just as there is a "Default: Standalone" policy, you could create your own special "Offline" chain. 


To do this, go to your Mail Policy tab where all your chains exist, and click "Add Policy Chain...". 


In this example, we will call it "Offline Poilcy2" and you will see something similar to the following screenshot:

Next, you can add your own custom mail rules as we did above, and then you can assign this new Policy Chain to any of your policies.

The next time you go into your Consumer Policy, you will see this "OFFLINE POLICY2" chain as one of the options available to select:

Now you can decide which users part of specific consumer policies will get which Standalone policy you would like them to.

The help file on the PGP server is very useful, just click the "?" icon on the top right corner, and if you run into any snags, reach out to Symantec Encryption Support for further assistance. 

Additional Information

153217 - Symantec Encryption Desktop Offline Behavior