MIP (Microsoft Information Protection) is failing to detect and is returning the error "AESCryptoWriter: Failed to transform final block."

Article ID: 274766

Products

Data Loss Prevention

Issue/Introduction

Content inspection of MPIP-encrypted items fails to detect encrypted labels, although unencrypted labels are detected correctly.

Cause

Snippet from the edpa logs:

 WARNING | AgentServices.AIPManagementService | DecryptFile: Failed to unprotect file[c:\users\username\desktop\filename.xlsx], error:AESCryptoWriter: Failed to transform final block, CorrelationId=73ba5e8b-02d1-4bb9-becb-eda54435bd81, CorrelationId.Description=FileHandler
 FINER   | Detection.TempFile | Removed temporary file C:\Program Files\Manufacturer\Endpoint Agent\temp/buffer\16\4.
 2648 | WARNING | Detection.ContentExtraction | MIPSubFileExtractor: Error extracting file [c:\users\username\desktop\filename.xlsx] with error code [2147614719]
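
To list the files an endpoint could not inspect because of this error, the two WARNING lines above can be matched in the agent log. The Python below is an added example, not Symantec or Broadcom code; the function name `find_uninspected_files` and the `other.docx` sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

SIGNATURE = "AESCryptoWriter: Failed to transform final block"
# Patterns follow the two WARNING lines quoted in the article. Leading
# columns (date, thread id) vary, so the patterns search instead of anchoring.
DECRYPT_RE = re.compile(
    r"DecryptFile: Failed to unprotect file\s*\[(?P<path>[^\]]+)\],\s*"
    r"error:(?P<error>.*?),\s*CorrelationId=(?P<cid>[0-9a-fA-F-]+)")
EXTRACT_RE = re.compile(
    r"MIPSubFileExtractor: Error extracting file\s*\[(?P<path>[^\]]+)\]\s*"
    r"with error code \[(?P<code>\d+)\]")

# Lines 1 and 3 are the article's; the other.docx lines are constructed
# to show a decrypt failure that is NOT this issue.
SAMPLE_LINES = [
    r" WARNING | AgentServices.AIPManagementService | DecryptFile: Failed to unprotect file[c:\users\username\desktop\filename.xlsx], error:AESCryptoWriter: Failed to transform final block, CorrelationId=73ba5e8b-02d1-4bb9-becb-eda54435bd81, CorrelationId.Description=FileHandler",
    r" WARNING | AgentServices.AIPManagementService | DecryptFile: Failed to unprotect file[c:\users\username\desktop\other.docx], error:constructed unrelated error, CorrelationId=00000000-0000-0000-0000-000000000001, CorrelationId.Description=FileHandler",
    r" 2648 | WARNING | Detection.ContentExtraction | MIPSubFileExtractor: Error extracting file [c:\users\username\desktop\filename.xlsx] with error code [2147614719]",
    r" 2648 | WARNING | Detection.ContentExtraction | MIPSubFileExtractor: Error extracting file [c:\users\username\desktop\other.docx] with error code [1]",
]


def find_uninspected_files(lines):
    """Map each file (lowercased path) that failed decryption with the
    article's signature to its correlation ids and extraction error codes."""
    hits = defaultdict(lambda: {"correlation_ids": [], "error_codes": []})
    extract_codes = defaultdict(list)
    for line in lines:
        m = DECRYPT_RE.search(line)
        if m and SIGNATURE in m.group("error"):
            # Windows paths are case-insensitive, so key on the lowercased path.
            hits[m.group("path").lower()]["correlation_ids"].append(m.group("cid"))
            continue
        m = EXTRACT_RE.search(line)
        if m:
            extract_codes[m.group("path").lower()].append(int(m.group("code")))
    # Attach extraction codes only to files that showed the decrypt signature.
    for path, entry in hits.items():
        entry["error_codes"] = extract_codes.get(path, [])
    return dict(hits)


if __name__ == "__main__":
    for path, info in find_uninspected_files(SAMPLE_LINES).items():
        print(path, info)
```

Files reported here were not content-inspected, so any content-based rule did not evaluate them until the agent is upgraded.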

Resolution

Symantec has integrated the new Microsoft MPIP SDK 1.13, which supports the Microsoft change, in the following DLP versions:

  1. DLP 16.0.1
  2. DLP 15.8 MP3 Hotfix (Hotfix 15.8.00318.01007)

Note: If you are using content-based detection rules, we recommend that you upgrade to one of these releases for decryption and content inspection of MPIP-encrypted items.

Additional Information

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/ProductAdvisories/Symantec-DLP-now-supports-the-Microsoft-Purview-Information-Protection-upgrade-to-the-AES-256-CBC-enhanced-encryption-algorithm/22659


https://learn.microsoft.com/en-us/information-protection/develop/version-release-history