When attempting to send a file from a Symantec File Share Encryption (previously PGP NetShare) protected directory by right clicking the file and selecting Send To > Mail Recipient, the files are not retaining the File Share Encryption wrapper, or simply attaching the Symantec File Share Encrypted file to an email, such as Microsoft Outlook.
Normally adding both the executable for the mail client and Explorer.exe to the application black list would prevent the file from being decrypted.
The observed behavior if Explorer.exe is added to the black list that files will not inherit the encryption wrapper from any File Share Encryption folder they are copied or moved into.
The behavior that files are automatically decrypted depending on how and where the files are moved to is known behavior and is working by design. For more information on these behaviors, please see article TECH149867.
A Feature Request has been submitted for this functionality.
Symantec Corporation is committed to product quality and satisfied customers. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product. Technical Support filed a Feature Request to add this product feature. Note that a feature request is exactly that, a request. There is no committed date for this request from the Encryption Product Management team, nor from the Encryption Engineering team at this time. Please subscribe and be sure to refer back to this document periodically as any changes to the status of the request will be reflected here.
To be added to this Feature Request, please contact support who will track specific customer requests therein.
The following are known workarounds for this scenario:
This issue can be temporarily resolved by encrypting files, saving a copy outside of File Share Encryption, and then using PGP Zip to encrypt the file before emailing it as an attachment.
Another workaround is to add the mail application to the blacklist on Symantec Encryption Management Server under the Consumer Policy the users are applied to. For example, if the mail client was Microsoft Outlook, then in the policy, "Prevent the automatic decryption of files by the following applications", add "outlook.exe", as well as "fixmapi.exe". This will then keep the files encrypted when attaching to an email.
For more information on Blacklisting, please see the Symantec Encryption Management Server Administrator's Guide.
TECH229057 - FEATURE REQUEST: Prevent any applications from automatically decrypting File Share Encrypted files when handled by third-party applications
INFO3482 - FEATURE REQUEST: Add feature Parity for Symantec File Share Encryption Standalone clients for White and Blacklisting applications.
Rate this Article