MIME Type validation in password protected encrypted files <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Customers having issues uploading password protected files may run into the following: "File type not permitted or MIME type does not match the file content" In this case, we two sys_properties 'glide.attachment.extensions' and 'glide.security.file.mime_type.validation'. We have the following KB with more information regarding these properties: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0998558 But customer's may have questions regarding the risks of disabling MIME type validation. For example: What are the risks of disabling MIME type validation? Is this the recommended approach in a production environment? 1. With the mime type validation set to false, why does the password protected word document still work, but not powerpoint? This may be an issue with what is accepted in terms of extensions. The customer may need to verify the ppt extension file is part of their accepted extensions list. 2. The KB article mentions that the mime validation is a security feature. What are the risks by disabling it? Is this the recommended approach in a production environment? MIME Type validations prevent attackers from uploading harmful files as MIME type validation ensures that the file being sent has the right magic numbers. If MIME type validation is disabled, then the file could be rendered incorrectly or attackers can send harmful files through. It is recommended to enable MIME type validation to prevent these security issues. Also reference PRB1913625 The fix is going to be released in Australia, and in the meantime there is a safer workaround than setting glide.security.file.mime_type.validation to false: There is a system property glide.security.mime_type.aliasasset You can add the following to it - application/x-tika-ooxml-protected=application/vnd.openxmlformats-officedocument.presenationml.presentation That will tell the system that password-protected PPTX files are really the same MIME type as normal ones. The system property is comma-separated, so if there is already a value there, be sure to append the new value after adding a comma. This should fix the issue of being able to attach Password Protected Word Docs but not PowerPoint Docs