Currently There are many ways to decrypt File Share Encrypted files when moved outside the protected container. This could include moving and or copying to different locations as well as files being handled by third-party applications.
A current feature within the Symantec Encryption Management Server will allow you to Prevent the automatic decryption of files by the following applications via a list of executables.
The current implementation of this requires you to add each executable that you do not want to be able to decrypt the File Share Encrypted file. This process is also known as Blacklisting of application files and can be difficult to find and manage all the different executables that could touch the encrypted files and allow them to be decrypted.
This request was submitted to automatically block all applications from decrypting the File Share Encrypted files when moved outside the protected folder. Then you could use an exclusion list to allow only the applications for that specific file type to be able to decrypt the file for use.
The behavior that files are automatically decrypted depending on how and where the files are moved to is known behavior and is working by design. For more information on these behaviors, please see article TECH149867.
A Feature Request was submitted for this functionality.
Symantec Corporation is committed to product quality and satisfied customers. Support has worked directly with Product Management and has determined this feature will not be included at this time. Please subscribe to this article for any updates. To be added to this Feature Request, please contact support who will track specific customer requests therein.
Other Feature Requests have been logged surrounding this behavior and to prevent the automatic decryption behavior. For more information on these requests, please visit the following articles:
TECH181705 - FEATURE REQUEST: Encryption is not maintained when sending a Symantec File Share Encryption (previously PGP NetShare) protected file as an email attachment
INFO3482 - FEATURE REQUEST: Add feature Parity for Symantec File Share Encryption Standalone clients for White and Blacklisting applications.