Avanan has upgraded its detection of encrypted attachments and added actions for mitigating them.
Password-protected email attachments are a known attack vector. The email looks legitimate, and the password is included in the body of the email. The malware is activated when the user decrypts the attachment with the provided password and launches the file.
Avanan checks for encrypted attachments and lets you decide how to treat the email when an encrypted attachment is discovered: Phishing, Suspected Phishing, and various combinations based on confidence level.
Encrypted attachment detection is disabled by default. To enable it, go to Configuration > Security Engines > SmartPhish configure, and select the desired option under “Mark incoming emails with encrypted attachment as”.
It is also possible to deliver the email with a warning banner that tells the user to be careful with this email. To enable the banner, choose the “User receives the email with a warning” option in the Threat Prevention policy workflows.
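To make the pattern described above concrete (an encrypted attachment plus a password in the message body), here is an added example that is not Avanan's code or detection logic. It assumes ZIP attachments only, reads the standard "encrypted" flag (bit 0 of the ZIP general-purpose flags), and uses a hypothetical keyword list and a constructed sample message.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

PASSWORD_HINT = re.compile(r"\bpass(word|code|phrase)\b", re.I)  # assumed keyword list

def encrypted_zip_members(blob):
    """Names of ZIP entries whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # not a ZIP archive; other formats are out of scope here

def scan(raw):
    """Return one finding per attachment that holds encrypted ZIP entries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        members = encrypted_zip_members(part.get_payload(decode=True) or b"")
        if members:
            findings.append({"attachment": part.get_filename(),
                             "encrypted_members": members,
                             "password_in_body": bool(PASSWORD_HINT.search(text))})
    return findings

def build_sample(encrypted):
    """Constructed test message; the archive content is harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "demo")
    data = bytearray(buf.getvalue())
    if encrypted:  # set the 'encrypted' flag in the local and central headers
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + off] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Invoice attached. Password: 1234")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan(build_sample(encrypted=True)))
```

The `password_in_body` field is a separate signal from the encryption flag, so a policy can treat "encrypted" and "encrypted with the password supplied in the same email" at different confidence levels.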