All,

Thanks in advance for any assistance.

I've enabled a DLP policy using a two conditions, email is sent outside the organization and "any email attachment's content could not be scanned"

I'm receiving large numbers of hits (40,000+) in activity explorer for a weeks worth of data.  The data ranges from a few KB to several MB and when I add the column for file extension, none of these files have extensions.

Is there a way, through the compliance portal, to assess what these files are without going into discovery and pulling the individual emails?

I've done some googling but haven't found an answer as of yet.

Has anyone else seen similar behavior?