
Symantec Desktop Encryption always encrypts email

Created: 20 Mar 2013 | 7 comments

 

I am using Symantec Desktop Encryption 10.3.0. Every time I send an email to someone whose key is in my keyring, the email is automatically encrypted.

I am using Outlook 2013 with POP servers.

I have configured Symantec Desktop Encryption via Options -> Messaging -> secure e-mail and have set "activate PGP-encryption Button ... in Outlook".
But it does not matter whether I set the "Encryption" button when creating a new email or not; the emails are always encrypted. The only policies I have in place are Sign & Encrypt, Sign Button, and Encrypt Button.

How can I choose the emails I wish to encrypt and the rest which I do not want encrypted?

Thanks in advance.


Tom Mc's picture

Are you maybe in a PGP/Symantec Universal managed setting that encrypts mail at the server level?

Do you have more than one PGP/Symantec messaging service?

If you leave everything else the same, but disable those three button policies, does it still encrypt to those keys?

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

trogdor's picture

I am not using a Universal server.

Just one Symantec messaging service.

Disabling buttons allowed the message to go through unencrypted.

Tom Mc's picture

Please make sure your button policies are set correctly.

Encrypt Button Default Policy
Encrypt Button is one of the default security policies that PGP Desktop automatically creates for a service. The settings for this default policy are:

If: If all

Conditions: Message Header "X-PGP-Encrypt-Button" contains "selected"

Actions: Encrypt to recipient's verified key

Prefer encoding: automatic

If a recipient's key is not available: Search keys.domain and keyserver.pgp.com and temporarily cache found keys

If no result: Block message
This rule should appear fourth in the list of default policies.

------------------

Sign + Encrypt Buttons Default Policy
Encrypt and Sign Buttons is one of the default security policies that PGP Desktop automatically creates for a service. The settings for this default policy are:


If: If all

Conditions: Message Header "X-PGP-Sign-Button" contains "selected"; Message Header "X-PGP-Encrypt-Button" contains "selected"

Actions: Sign; Encrypt to recipient's verified key

Prefer encoding: automatic

If a recipient's key is not available: Search keys.domain and keyserver.pgp.com and temporarily cache found keys

If no result: Block message
This rule should appear second in the list of default policies.

--------------------

Sign Button Default Policy
Sign Button is one of the default security policies that PGP Desktop automatically creates for a service. The settings for this default policy are:

If: If all

Conditions: Message Header "X-PGP-Sign-Button" contains "selected"

Actions: Sign

Prefer encoding: automatic
This rule should appear third in the list of default policies.

-----------------



Tom Mc's picture

You might need a new policy right after the button policies:

If any

Recipient  is  *.*

Send in Clear


Tom Mc's picture

Think I erred on that.

Please try:

If any

Recipient Domain is  *

Send in Clear


trogdor's picture

Policies are set correctly. I will add the *.* policy and see what happens.  Thanks.

Tom Mc's picture

Did this work for you?
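
The button policies quoted in this thread and the catch-all rule suggested after them, modelled as an ordered chain (an added example, not part of any post and not Symantec's code). It assumes rules are evaluated top to bottom with the first match winning, and uses a hypothetical "key available" rule to stand in for whatever encrypts un-flagged mail in the original poster's setup.

```python
# Toy first-match policy chain for reasoning about rule order.
# Illustration only: this is not how the product is implemented.
from dataclasses import dataclass
from typing import Callable


@dataclass
class Msg:
    headers: dict          # outgoing message headers
    key_in_keyring: bool   # recipient's key is on the sender's keyring


def button(name: str) -> Callable[[Msg], bool]:
    # Condition from the thread: Message Header <name> contains "selected"
    return lambda m: "selected" in m.headers.get(name, "")


sign_btn = button("X-PGP-Sign-Button")
enc_btn = button("X-PGP-Encrypt-Button")

# Button policies in the relative order quoted in the thread.
BUTTON_RULES = [
    ("Sign + Encrypt Buttons", lambda m: sign_btn(m) and enc_btn(m), "sign+encrypt"),
    ("Sign Button", sign_btn, "sign"),
    ("Encrypt Button", enc_btn, "encrypt"),
]
# Suggested in the thread: Recipient Domain is * -> Send in Clear
CATCH_ALL = ("Catch-all clear", lambda m: True, "clear")
# ASSUMPTION: hypothetical stand-in for a later rule that encrypts when a key exists.
KEY_AVAILABLE = ("Key available (hypothetical)", lambda m: m.key_in_keyring, "encrypt")


def evaluate(rules, msg):
    """Return (rule name, action) of the first matching rule (assumed first-match)."""
    for name, cond, action in rules:
        if cond(msg):
            return name, action
    return "no rule", "clear"


BEFORE = BUTTON_RULES + [KEY_AVAILABLE]
AFTER = BUTTON_RULES + [CATCH_ALL, KEY_AVAILABLE]

# Constructed sample messages: no button pressed, and Encrypt button pressed.
plain = Msg({}, True)
flagged = Msg({"X-PGP-Encrypt-Button": "selected"}, True)

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        for m in (plain, flagged):
            print(label, m.headers, "->", evaluate(chain, m))
```

Under this model, once the catch-all is in place every message without a button header leaves in clear, including mail to recipients whose keys are on the keyring. The same chain also shows why Sign + Encrypt Buttons has to sit above Sign Button: swapped, a message with both headers would match Sign Button first and go out signed but unencrypted.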
