When monitoring for encrypted email attachments, DLP does not detect that an attachment is encrypted, so no incident is generated.
We have different encryption formats selected, but in testing with Office 2016 files (Word, Excel, PowerPoint), the files aren't detected with these legacy formats.
The file type is detected as Encrypted Office Open XML and not as one of the three Microsoft file types:
Encrypted Legacy Microsoft Word
Encrypted Legacy Microsoft PowerPoint
Encrypted Legacy Microsoft Excel
This behavior is by design. DLP is not able to open and inspect password-protected or encrypted files or attachments. To detect encrypted or password-protected Microsoft Office documents (Word, PowerPoint, Excel), use the Encrypted Office Open XML encryption format. Selecting this format provides the desired results for the Message Attachment or File Type Match Detection Rule.
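To confirm which container a test file actually uses before choosing the encryption format in the rule, the following added example (not part of the original article and not the DLP product's detection logic) classifies a file by its container. It assumes the documented layout in which a password-protected Office Open XML file is an OLE2 compound file holding EncryptionInfo and EncryptedPackage streams; the function names and the sample builder are hypothetical.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
END = 0xFFFFFFFA  # sector ids at or above this are markers, not real sectors

def cfb_entry_names(data):
    """Return the directory entry names of an OLE2 compound file."""
    ssz = 4096 if struct.unpack_from("<H", data, 0x1E)[0] == 12 else 512
    sect = struct.unpack_from("<I", data, 0x30)[0]       # first directory sector
    fat = []
    for s in struct.unpack_from("<109I", data, 0x4C):    # DIFAT in the header
        if s < END and (s + 2) * ssz <= len(data):       # skip free/truncated
            fat.extend(struct.unpack_from(f"<{ssz // 4}I", data, (s + 1) * ssz))
    names, seen = set(), set()
    while sect < END and sect not in seen:               # follow directory chain
        seen.add(sect)
        for off in range((sect + 1) * ssz, (sect + 2) * ssz, 128):
            entry = data[off:off + 128]
            if len(entry) == 128 and entry[66]:          # object type 0 = unused
                nlen = struct.unpack_from("<H", entry, 64)[0]
                names.add(entry[:max(nlen - 2, 0)].decode("utf-16-le", "replace"))
        sect = fat[sect] if sect < len(fat) else END
    return names

def classify(data):
    if data[:4] == b"PK\x03\x04":
        return "ZIP container (unencrypted Office Open XML candidate)"
    if data[:8] != CFB_MAGIC or len(data) < 512:
        return "unknown"
    names = cfb_entry_names(data)
    if {"EncryptionInfo", "EncryptedPackage"} <= names:
        return "Encrypted Office Open XML"
    if names & {"WordDocument", "Workbook", "PowerPoint Document"}:
        return "Legacy Office binary format"  # encryption state not examined here
    return "other compound file"

def sample_cfb(streams):
    # Constructed test input: header + one FAT sector + one directory sector.
    hdr = bytearray(512)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<H", hdr, 0x1E, 9)                 # 512-byte sectors
    struct.pack_into("<I", hdr, 0x30, 1)                 # directory in sector 1
    struct.pack_into("<109I", hdr, 0x4C, 0, *[0xFFFFFFFF] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *[0xFFFFFFFF] * 126)
    directory = bytearray(512)
    for i, name in enumerate(["Root Entry"] + streams):
        raw = name.encode("utf-16-le") + b"\0\0"
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw), 5 if i == 0 else 2)
    return bytes(hdr + fat + directory)
```

Run classify() on the raw bytes of a password-protected file saved from Office 2016; a result of "Encrypted Office Open XML" matches the file type the article says DLP reports.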