DLP End-Point Prevent - Content cannot be interrogated
We are looking at decreasing our data threat foot-print and are looking at trying to configure an End-point Prevent policy to disallow “copying” or “moving” data that cannot be inspected (password protected, encrypted, unknown file format, etc.).
Has anyone developed a policy that detects or creates incidents when content cannot be interrogated (files, attachments, posts, etc.)?