DLP Enforce : Decrypted MPIP Content in the Incident Snapshot

Article ID: 394283


Updated On:

Products

Data Loss Prevention, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Cloud Service for Email

Issue/Introduction

DLP supports the detection of MPIP-encrypted files and emails. By default, the Incident Snapshot page shows only the policy violation, not the full body content.

With Data Loss Prevention 16.1, you can view the original email body and you can download the decrypted email file and its attachments.

This feature is not available for Endpoint incidents.

Environment

DLP 16.1

Resolution

To enable viewing and downloading, make sure that the decrypt.mip.message.and.attachments.feature.enabled setting is enabled.

Also ensure that your DLP account has permission to view the MPIP decrypted content.

By default, the setting is disabled, and you cannot view or download MPIP decrypted content and files until you enable it.

The property "decrypt.mip.message.and.attachments.feature.enabled" should be set to "true" in the Enforce.properties file on the Enforce server.

The Enforce.properties file is located in the directory: \Program Files\Symantec\DataLossPrevention\EnforceServer\16.1.00000\Protect\config\
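The following PowerShell check is an added example, not code from Broadcom or from this article. It reports the effective value of the property in Enforce.properties, so you can confirm on each Enforce server whether decrypted MPIP content is exposed in incident snapshots. It assumes the C: drive letter, standard Java .properties syntax, and a hypothetical helper named Get-PropertyValue.

```powershell
# Added example (not vendor code): report whether MPIP decryption in the
# Incident Snapshot is effectively enabled in Enforce.properties.
param(
    # Directory is taken from the article; the C: drive letter is an assumption.
    [string]$Path = 'C:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.1.00000\Protect\config\Enforce.properties'
)

$Key = 'decrypt.mip.message.and.attachments.feature.enabled'

# Hypothetical helper. Assumes standard Java .properties syntax:
# '#' or '!' start a comment, '=' or ':' separate key and value,
# and the last definition of a key wins.
function Get-PropertyValue {
    param([string[]]$Lines, [string]$Name)
    $result = [pscustomobject]@{ Value = $null; Definitions = 0 }
    foreach ($line in $Lines) {
        $text = $line.Trim()
        # Skip blank lines and commented-out settings.
        if ($text -eq '' -or $text.StartsWith('#') -or $text.StartsWith('!')) { continue }
        # -ceq: property keys are case-sensitive.
        if ($text -match '^([^=:\s]+)\s*[=:]?\s*(.*)$' -and $Matches[1] -ceq $Name) {
            $result.Value = $Matches[2].Trim()
            $result.Definitions++
        }
    }
    return $result
}

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Error "Enforce.properties not found at '$Path'"
    exit 2
}

$found = Get-PropertyValue -Lines (Get-Content -LiteralPath $Path) -Name $Key

if ($found.Definitions -gt 1) {
    Write-Warning "$Key is defined $($found.Definitions) times; the last value is reported."
}
if ($found.Definitions -eq 0) {
    Write-Output "$Key is not set (the setting is disabled by default)."
} elseif ($found.Value -ieq 'true') {
    Write-Output "$Key = true (decrypted MPIP content can be viewed and downloaded by permitted accounts)."
} else {
    Write-Output "$Key = '$($found.Value)' (not set to true)."
}
```

Pass `-Path` if the Enforce server is installed on a different drive or directory.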

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/16-1/what-s-new-in-data-loss-prevention-16-1/enforce-server-features-in-dlp-16-1.html#_95830c93-6137-4277-9291-cf5e763579d8_section_9