For maximum safety, I currently have our Symantec Messaging Gateway configured to block encrypted attachments, as this method is frequently used to bypass malware scanning. The problem is that there are a number of legitimate uses for encrypted files, and because the SMG doesn't allow exceptions for rules in the "malware" category, and "encrypted attachments" is processed during the "malware" category/filter, I cannot create exceptions for this rule at the moment. I have worked with support to verify that I wasn't missing something. I would either like to see an option for exceptions in the "encrypted attachments" rule in the malware filter, or perhaps make it such that the content filter can detect encrypted attachments, since the content filter allows more granular control and exceptions.
At the moment, I'm having to manually retrieve any legitimate encrypted attachments for 200+ users, which is a waste of time.