Jul 05 2011
 

A question that came up today on the Symantec Connect Forums is whether Vault Cache/Virtual Vault data is secure. The answer is that by default it’s not. If a machine containing Vault Cache data were used by someone else, the files which make up Vault Cache/Virtual Vault can be opened by a regular Outlook client. They’re not particularly “nice” to navigate, but just like Outlook PST files they are not encrypted. The files we are talking about are:

*.mdc

This is the metadata cache file.  There will be one per archive that the end user is synching.

Example file name : 1808AE8F4BB654DA189DCAA17C183C051110000GPKENTVLT1.enterprise.com.mdc

*.db

Even if there is only one MDC file, there will usually be more than one .DB file. These form the Content Cache.

Example file name : 2007_01_03_0041.db

By default these files reside in the user profile area, e.g. %userprofile%\appdata\local\KVS\Enterprise Vault\1FCCF9A75E9238881777AB1223

They can be placed anywhere on local disk, and this is driven by the policy setting “Root Folder” under Vault Cache in the Desktop Policy:

[Screenshot: the “Root Folder” setting under Vault Cache in the Desktop Policy]

Note: You can use environment variables in the specification, and you will need to synchronise the mailboxes before the change will take effect. Essentially you would put something like C:\VCData

Of course, moving the data to somewhere else on the drive doesn’t secure the data in any way. There are two options:

* Encryption – either at the folder or the drive level.

* Limit the data on the machine to basically useless stuff – you can opt to not store content locally at all, but you will always get a metadata cache file per archive which is synchronised.

If you opt for the second of these choices, you and your security team should review the data which is in a typical end user’s metadata cache file before deciding whether that is sufficient for your security needs. Again, this setting is in the Desktop Policy:

[Screenshot: the Desktop Policy setting for not storing content locally]
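To see where a given machine stands on the first option, the following added example (not from the original post) lists the *.mdc and *.db files under the Vault Cache root and reports whether each carries the EFS "Encrypted" file attribute. It assumes the default root under %LOCALAPPDATA%; the function name Get-VaultCacheFileReport and the -Root parameter are hypothetical names chosen for this example.

```powershell
# Added example: audit Vault Cache files for file/folder-level (EFS) encryption.
# Assumption: default root is %LOCALAPPDATA%\KVS\Enterprise Vault. Pass -Root if the
# "Root Folder" policy setting points elsewhere (e.g. C:\VCData).
# Note: drive-level encryption does not set the per-file Encrypted attribute, so
# EfsEncrypted = False is expected on a machine protected only at the drive level.
param(
    [string]$Root = (Join-Path $env:LOCALAPPDATA 'KVS\Enterprise Vault')
)

function Get-VaultCacheFileReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Vault Cache root not found: $Path"
        return
    }

    # *.mdc = metadata cache (one per synchronised archive), *.db = content cache
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.mdc', '.db' } |
        ForEach-Object {
            [pscustomobject]@{
                Type         = if ($_.Extension -eq '.mdc') { 'MetadataCache' } else { 'ContentCache' }
                EfsEncrypted = $_.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)
                SizeMB       = [math]::Round($_.Length / 1MB, 2)
                LastWrite    = $_.LastWriteTime
                Path         = $_.FullName
            }
        }
}

$report = @(Get-VaultCacheFileReport -Path $Root)
$report | Sort-Object Type, Path | Format-Table -AutoSize

# Summary per file type: how many files are not EFS-encrypted
$report | Group-Object Type | ForEach-Object {
    [pscustomobject]@{
        Type        = $_.Name
        Files       = $_.Count
        Unencrypted = @($_.Group | Where-Object { -not $_.EfsEncrypted }).Count
    }
}
```

If content storage has been disabled by policy, the report should show only MetadataCache rows; any ContentCache rows indicate content is still held locally.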
