Running Encryption Management Server 3.4.1 MP2. Client 10.4.1 MP2 on Windows 10 Enterprise.
Files are in an encrypted share. If I copy a file to a USB, and then to a PC that doesn't have the encryption desktop or the keys, the file is unreadable. But if I attach to an Outlook email, the file is received on the other end unencrypted. I believe I got around this by specifying outlook.exe under Prevent the automatic decryption of files by the following applications in the consumer policy. I also added chrome.exe to prevent decryption when uploading to Box.com. But this doesn't seem like a good solution. The user would just need to find an application that I haven't specified to send the file. Is there a global setting that will prevent the file from being decrypted?
Also, is there a way to set the consumer policy so that a user cannot decrypt a whole file share? I want them to access the files as needed from the corporate endpoints, but have no way to decrypt them for transfer anywhere else.