220.127.116.11.8 Encrypting the Message
If the client implements the SMB 3.x dialect family, the client MUST encrypt the message before sending, if any of the following conditions are satisfied:
If Session.EncryptData is TRUE and the request being sent is not SMB2 NEGOTIATE.
If Session.EncryptData is FALSE, the request being sent is not SMB2 NEGOTIATE or SMB2 SESSION_SETUP or SMB2 TREE_CONNECT, and TreeConnect.EncryptData is TRUE.
The client MUST encrypt the message as specified in section 18.104.22.168, before sending it to the server.