Symantec Encryption Desktop for Email Encryption is not automatically decrypting emails. Sent emails are automatically being encrypted, however upon receipt of encrypted emails in the Inbox, the emails remain encrypted.
There are no error messages displayed and the log also does not show any error message.
This is caused by specific Active Directory policies related to PST files such as the following:
"Prevent users from adding PST files to Outlook profiles..."
"Prevent users from adding new content to existing PST files"
There are three possible solutions for this issue:
If the Symantec Encryption Desktop client is standalone, meaning, there is no Symantec Encryption Management Server managing policy for the client, then setting a preference in the PGPprefs.xml file is necessary.
1. Close all windows and Click the Symantec Encryption Desktop icon by the clock, and select "Stop PGP Services".
2. To set the proper preference, go to Start, in the Search field, enter %appdata% and press enter. This should open the User's Roaming profile (C:\Users\user-name-here\AppData\Roaming). Open the PGP Corporation folder, then PGP, and right-click on the PGPprefs.xml file, and select "Open with...Wordpad".
3. Search for the following xml tag:
Set both values to true as shown:
NOTE: The PGPprefs.xml value has a top and bottom portion. The top portion is for standalone clients. The bottom portion is for managed clients. In a standalone environment, modifying only the top mailDisablePSTCacheStore value is necessary.
4. Once this value has been changed, save the file, and close.
5. Restart the Symantec Encryption Desktop services and attempt to decrypt messages.
Change the policies in Active Directory GPO relating to this PST files.
Add a preference to the Consumer Policy on Symantec Encryption Management Server called mailDisablePSTCacheStore (boolean) and set to "true" as this is not added to the policy by default. To add the preference to the policy, go to General > Edit XML Preferences. On the bottom of the XML Preferences Editor page, in the "Pref Name" field, type:
Next, set the Type to "Boolean" and enter the value "true", then click Save as seen in the following screenshot:
On a machine with Symantec Encryption Desktop, click Update Policy to download this new preference, and then re-test decryption. To validate the preference has been added, view the PGPprefs.xml file.