Hi Madstan,
As to scan/read content must be decrypted so before sending to email prevnt the content is not encrypted it will further encrypted when scan completed and data will be sent out next MTA so that before MTA it has been sent out to encryption Gateway.
Monitoring and prevention of TLS-encrypted email traffic is only supported with Email Prevent in version 10.0 and above, see the SMTP Prevent MTA Integration Guide for instructions.
Network Monitor cannot inspect encrypted traffic.