A question which came up today on the Symantec Connect Forums is whether Vault Cache/Virtual Vault data is secure. The answer is that by default it’s not. If a machine containing Vault Cache data were to be used by someone else, then the files which make up Vault Cache/Virtual can be opened by a regular Outlook client. They’re not particularly “nice” to navigate, but just like Outlook PST files they are not encrypted. The files we are talking about :-
This is the metadata cache file. There will be one per archive that the end user is synching.
Example file name : 1808AE8F4BB654DA189DCAA17C183C051110000GPKENTVLT1.enterprise.com.mdc
Even if there is only MDC file there will usually be more than one .DB file. These form the Content Cache.
Example file name : 2007_01_03_0041.db
By default these file reside in the user profile area, eg %userprofile%appdatalocalKVSEnterprise Vault1FCCF9A75E9238881777AB1223
They can be placed anywhere on local disk, and this is driven by the policy setting “Root Folder” under Vault Cache in the Desktop Policy :
Note: You can use environment variables in the specification… and you will need to synchronise the mailboxes before the change will take effect. Essentially you would put something like C:VCData
Of course moving the data to somewhere else on the drive doesn’t secure the data in anyway. There two options :-
* Encryption – either at the folder or the drive level.
* Limit the data on the machine to basically useless stuff – you can opt to not store content locally, at all.. but you will always get a metadata cache file per archive which is synchronised.
If you opt for the second of these choices you and your security team should review the data which is in a typical end-users metadata cache file, before deciding whether that is sufficient for your security needs. Again this setting is in the Desktop Policy :