Code: 5604 -Summary: MIP file type detection failed warning explained
search cancel

Code: 5604 -Summary: MIP file type detection failed warning explained

book

Article ID: 386207

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Symantec DLP use the Microsoft MIP SDK to open the file when the first few bytes of the file match a Microsoft MIP encrypted file; however in that attempt Symantec DLP get this error:

Code: 5604 -Summary: MIP file type detection failed

Detail: Exception during isProtected:unable to detect using FileHandler::IsProtected:Failed to open/create root storage, not a valid compound file. Inconsistent block allocation table

Environment

Symantec DLP Detection Server: 15.8.x / 16.0.x / 16.0.1.x / 16.0.2.x / 16.1

 

Cause

From the SDK when it does not see the data of the file, as expected for an MIP encrypted document. In other words this error, is that the file has been altered in a way that makes it fall outside of being a trusted MIP encrypted document. This kind of corruption could be the result of a disk failure where some of the bits of the file have been lost.

DLP Engineering could reproduce this failure by manually altering a MIP encrypted file outside of using the Microsoft product/SDK (like a hex editor), then trying to open the file which would have the same effect of a disk corruption of the file.

Resolution

Either way the issue is with the file, either the original file or the local copy of the file Symantec DLP use during detection.