ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Checking for the presence or risk of a numeric overflow defect in Symantec Data Loss Prevention

book

Article ID: 161973

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

There is an issue in which several database tables can encounter numeric overflow issues.
 
DLP versions for which this Technical Note applies: all versions
DLP versions at high risk of exhibiting the defect: 12.0, 12.0.1, 12.5, 12.5.1
DLP versions that include fixes for this problem: Versions 12.5.2, 12.5.3, 14.0, and 14.0.1, include progressive fixes for the issue. Versions 14.0.2 and 14.5 provide a complete fix for the issue. 
Typical context: Large-scale systems with a high volume of DLP activity. Small-scale systems with specific usage patterns may experience the issue as well.

Resolution

The steps described below are non-intrusive, do not necessitate system downtime and can be repeated at any time or on a regular basis.
 
Procedure: on your DLP Enforce Oracle database, as PROTECT user, execute the following SQL query that will return the top 10 consumers of numeric IDs with their respective percentage capacity utilization:
 
1.       Log into SQLPlus as PROTECT user and run the following script:
 
select * from
(select round(LAST_NUMBER / DECODE(S.MAX_VALUE, 9999999999999999999999999999, 2147483647, S.MAX_VALUE) * 100.0, 4) as PCT_UTILIZATION,
S.SEQUENCE_NAME, S.INCREMENT_BY, S.LAST_NUMBER
from USER_SEQUENCES S
order by PCT_UTILIZATION desc)
where ROWNUM <= 10;

2.       Interpret the results:
 
•         The first column “PCT_UTILIZATION” displays the current capacity utilization of the DLP system ID (identification number) whose name is displayed on column #2 (SEQUENCE_NAME). This number should be low and as far away as possible from the 100% limit.
•         If your DLP version is earlier than 12.5.2 and the top number(s) are getting close to 100% (in the 60% to 80% range for example), your DLP system is at risk of hitting the numeric overflow defect within a short timeframe if not upgraded to a version that contains the fix. Versions 14.0.2 and 14.5 provide a complete fix to the problem.
•         If your DLP version is 12.5.2 or later and the top number(s) are elevated (higher than 20%), this is unexpected. Although there is no risk to your system at this level, please contact Symantec technical support and report the issue for further analysis.
•         If the top number(s) are above 100%, your DLP system is already affected by the problem and you should contact Symantec technical support immediately (whether you have already observed failure symptoms or not yet).