DLP does not detect sensitive data embedded in XML files, such as item1.xml, located in the customXML directory of Microsoft Office files (e.g., .docx, .xlsx, .pptx). This issue occurs even when keyword-based detection rules are configured, resulting in no incidents being generated for hidden data.
DLP is designed to scan the primary content and metadata of Office files, but does not include the capability to inspect embedded XML files within the customXML directory. These XML files can contain sensitive information and are accessible when Office files are extracted (e.g., by renaming a .docx file to .zip and navigating to the customXML folder).
A Feature Request has been created to enhance Symantec DLP’s detection capabilities.
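The manual extraction described above can be scripted as a supplementary check. The following is an added example, not Symantec code: it opens an Office file as a ZIP archive and searches the custom XML parts for keywords. The keyword list, the size limit and the in-memory sample file are constructed assumptions, and the directory name is matched case-insensitively.

```python
import io
import zipfile
from xml.etree import ElementTree

MAX_PART_BYTES = 5 * 1024 * 1024  # assumed cap so an oversized part is not expanded


def part_text(raw):
    """Collect element text and attribute values from one XML part."""
    try:
        root = ElementTree.fromstring(raw)
    except ElementTree.ParseError:
        # Malformed XML: fall back to searching the raw bytes as text.
        return raw.decode("utf-8", errors="replace")
    pieces = []
    for el in root.iter():
        pieces.extend(t for t in (el.text, el.tail) if t)
        pieces.extend(el.attrib.values())
    return " ".join(pieces)


def scan_custom_xml(source, keywords):
    """Return {part name: sorted matched keywords} for custom XML parts."""
    hits = {}
    with zipfile.ZipFile(source) as pkg:
        for info in pkg.infolist():
            name = info.filename.lower()
            if not (name.startswith("customxml/") and name.endswith(".xml")):
                continue
            if info.file_size > MAX_PART_BYTES:
                hits[info.filename] = ["<skipped: part too large>"]
                continue
            text = part_text(pkg.read(info)).lower()
            found = sorted(k for k in keywords if k.lower() in text)
            if found:
                hits[info.filename] = found
    return hits


def build_sample():
    """Constructed stand-in for a .docx: clean body, keywords only in custom XML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<doc><p>Quarterly summary</p></doc>")
        z.writestr("customXml/item1.xml",
                   '<root owner="finance"><note>Project Falcon CONFIDENTIAL</note></root>')
        z.writestr("customXml/itemProps1.xml", "<props/>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(scan_custom_xml(build_sample(), ["confidential", "finance", "ssn"]))
```

`scan_custom_xml` also accepts a file path, so it can be run over .docx, .xlsx and .pptx files on a share or in a quarantine folder.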