Content inspection of MPIP-encrypted items is unable to detect encyrpted labels, but it effectively detects unencrypted labels
Snippet from edpa logs below
WARNING | AgentServices.AIPManagementService | DecryptFile: Failed to unprotect file[c:\users\username\desktop\filename.xlsx], error:AESCryptoWriter: Failed to transform final block, CorrelationId=73ba5e8b-02d1-4bb9-becb-eda54435bd81, CorrelationId.Description=FileHandler
FINER | Detection.TempFile | Removed temporary file C:\Program Files\Manufacturer\Endpoint Agent\temp/buffer\16\4.
2648 | WARNING | Detection.ContentExtraction | MIPSubFileExtractor: Error extracting file [c:\users\username\desktop\filename.xlsx] with error code [2147614719]
Symantec has integrated the new Microsoft MPIP SDK 1.13 that supports Microsoft change in the following DLP versions:
Note: If you are using content-based detection rules, we recommend that you upgrade to one of these releases for decryption and content inspection of MPIP encrypted items.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/ProductAdvisories/Symantec-DLP-now-supports-the-Microsoft-Purview-Information-Protection-upgrade-to-the-AES-256-CBC-enhanced-encryption-algorithm/22659
https://learn.microsoft.com/en-us/information-protection/develop/version-release-history