Video Screencast Help

End Point Protection scheduled scan reports tracking cookie manual scan does not

Created: 30 Jan 2012 • Updated: 30 Jan 2012 | 3 comments

A scheduled scan at night reports a tracking cookie which it can not delete or quarantine. A manual invocation of the scheduled scan does not find the cookie. Cookie files have been deleted. Manual scans rerun with no threts found. The nightly scan finds the same cookie. Ran several other scanners which report no threats.

Running Symantic End Point Protection Version 11.0.6200.754

Cookie:system@zedo.com/    Tracking Cookies    Failed    Trackware    Cookie:system@zedo.com/    'PCNAME'    SYSTEM    Infected    Cookie:system@zedo.com/ Quarantine    Delete    Scheduled scan    failed    'date'

Comments 3 CommentsJump to latest comment

Simpson Homer's picture

 

  • Boot the machine in safemode

  • Run a full scan reboot the machine.

  • This removes the threat completely and there would be no more detections.

Mithun Sanghavi's picture

Hello,

Tracking Cookies are used by Legitmate web sites to track how many times you access their sites.  Web sites that use this type of cookie usually require a log in to access the site.  

Best to verify if this is being caused by the user is to perform a full scan, remove the threat and then reboot the machine. Once the machine is rebooted, then perform another full scan. If the full scan does not find the Tracking Cookie at that time, this means it is being placed there during the day while the user is working on the computer.

Run  the Full scan in Safe Mode with System Restore turned Off

Tracking Cookies - Check this: 

http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99

BLOG with Video:

https://www-secure.symantec.com/connect/blogs/tracking-cookies

 

 

Now your issue: 

Tracking cookies are, for the most part, completely harmless. As a result they will no be deleted or detected by auto-protect, however during a full scan the cookies are usually found and then deleted. 

In general this doesn't do any harm to the computer or user. Cookies are usually used by websites to track information about you. Usually the biggest reason people don't want cookies deleted is because that is how websites store their automatic log-in and password information when you click on "remember this password...". If you would like to hear more information on the subject or if you still have more questions please create a new thread.

Again, if you are annoyed with the notification being displayed, then disable the notification.

How to disable/enable Startup and Quick Scans within the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH103044

 

Hope this may help you explaining the same!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

aa23's picture

Mithun,

I have the same curiosity about cookies not flagged by auto-protect, but only detected and popped up during full scan. The answer hardly touched the "why" it is happening so. What's different in the full scan that manages to flag and deleted cookies, while they are not flagged on access?

There aren't noriffications to stop for cookies only, are there? It's either on or off for all types of detections.

I had to stop TruScan notifications for cookies, but doing that will prevent all TruScan alerts on the user's machine.

 

Thanks!