Is it possible to create a heuristic zone that includes only Outlook attachments, and the program that is used to open them? For example, if a user opens a zip file with 7zip, I'd like the extracted file to then be included in the zone.
Or even better, create a zone that targets archive decompression utilities exclusively.
We deal with regulated information that sometimes has to be in encrypted format so it can't always be scanned/outright blocked at the border until we can implement a file transfer website.
There are many ways to block such a file from running with other policies and methods, but I'd like to focus on the AV suite in this discussion. Most businesses and consumers will not restrict sensitive file types on their machines that get through encrypted zip, nor will they block password-protected/exe-containing ZIP files at the border, so this is more of a broader protection discussion than simply for my benefit.