As mentioned, Symantec DLP can already detect if a file is encrypted; there is a canned policy for detecting this already.
If needed, based on the company's requirements, you can configure the policy to block or redirect these files. I would typically turn this on for Detection ONLY just to help provide some detail to the company on how people are using password-protected files and encryption. This also gives them an idea if people are sending this type of information to non-approved business partners. I use this especially if someone is sending it to a personal email account (Yahoo, Gmail, etc.).
The idea that DLP is not able to 'crack' open these files defeats the purpose of Encryption and would not be a good idea to any technology. Allowing a company to have the Encryption Key to all protected files would make any Encryption technology useless... not something that anyone would want.
A typical approach that I recommend is that the USER should NOT be allowed to encrypt emails or files, and this decision should be made by a policy in the DLP system (based on content of the email, files, or destination). This way the DLP system will then route the email through an encryption gateway and eliminate the possibility of a user being able to 'steal' data by encrypting it first, which makes it hidden from the DLP system. This allows the Security group to govern and control what is being encrypted and not leave it to the user, who typically is the cause of data loss and usually will not remember to encrypt data.
The user is the problem... take them out of the equation.
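
As an added illustration (not part of the original post, and not how Symantec DLP is implemented), the following sketch shows the kind of detection-only check described above: it flags outbound attachments that are encrypted without trying to open them, and raises the severity when the recipient is a personal webmail domain. The domain list, function names and severity labels are assumptions made for this example.

```python
import io
import zipfile

# Assumption: domains treated as "personal" webmail for this illustration.
PERSONAL_DOMAINS = {"yahoo.com", "gmail.com"}

def is_encrypted(data: bytes) -> bool:
    """Detect encryption from file metadata only; no attempt to decrypt."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted member.
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    # Heuristic: an encrypted PDF references an /Encrypt dictionary.
    return data.startswith(b"%PDF-") and b"/Encrypt" in data

def evaluate(recipient: str, attachments: dict[str, bytes]) -> list[str]:
    """Detection-only policy: report incidents, never block or modify."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    incidents = []
    for name, data in attachments.items():
        if is_encrypted(data):
            severity = "high" if domain in PERSONAL_DOMAINS else "info"
            incidents.append(f"{severity}: encrypted attachment {name} -> {domain}")
    return incidents

def constructed_samples() -> tuple[bytes, bytes]:
    """Build a plain ZIP and a copy whose central directory sets the
    encryption flag (constructed test data, not a real encrypted archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample")
    plain = buf.getvalue()
    flagged = bytearray(plain)
    cd = flagged.find(b"PK\x01\x02")   # central directory file header
    flagged[cd + 8] |= 0x01            # flags field sits at offset 8
    return plain, bytes(flagged)

if __name__ == "__main__":
    plain, flagged = constructed_samples()
    for rcpt in ("someone@gmail.com", "contact@partner.example"):
        print(evaluate(rcpt, {"plain.zip": plain, "locked.zip": flagged}))
```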