ATP packets aggregate feature failed frequently with error: "handle_aggregate: ooseq is larger than advertised maximum window. abort."

book

Article ID: 171536

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

ATP packets aggregate feature failed frequently with error: "handle_aggregate: ooseq is larger than advertised maximum window. abort."

Environment

ATP Platform AllInOne with scanning enabled,

or

ATP Platform management server with one or more network scanners with scanning enabled.

Resolution

Solution:
Upgrade to ATP 3.1.0 to prevent further occurrences of this condition.

In ATP 3.1.0, Symantec changed two behaviors:
 - Symantec corrected an incorrect condition to verify whether the number of handles available to accept and track conversations related to Out-Of-Sequence tcp packets.
 - Symantec added 2-times factor to the threshold when ATP identifies TCP window right edge has reached.