SEP 12.1 detecting a lot of Tracking Cookies
Updated: 08 Feb 2012 | 3 comments
This issue has been solved. See solution.
Hi Guys,
I'm currently setting up a SEP12.1 Management Server and moving more and more clients to that server from our current SEP11 environment.
For some tests I run Active Scans on computers and servers from time to time. And in most of the scans, it finds a lot of tracking cookies:
Do I have a security risk here? Where do those things come from? Why is only the active scan detecting these things and not the Virus and Spyware Protection?
I'm a bit confused because I never saw these Cookies in our 11 Environment.
Thanks for help
Comments
Tracking cookie
Hello,
Tracking Cookies are used by legitimate web sites to track how many times you access their sites. Web sites that use this type of cookie usually require a log in to access the site.
The best way to verify whether this is being caused by the user is to perform a full scan, remove the threat and then reboot the machine. Once the machine is rebooted, perform another full scan. If the full scan does not find the Tracking Cookie at that time, this means it is being placed there during the day while the user is working on the computer.
Run the full scan in Safe Mode with System Restore turned off.
Tracking Cookies - Check this:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99
BLOG with Video:
https://www-secure.symantec.com/connect/blogs/tracking-cookies
Now your issue:
Tracking cookies are, for the most part, completely harmless. As a result they will not be deleted or detected by auto-protect; however, during a full scan the cookies are usually found and then deleted.
In general this doesn't do any harm to the computer or user. Cookies are usually used by websites to track information about you. Usually the biggest reason people don't want cookies deleted is because that is how websites store their automatic log-in and password information when you click on "remember this password...". If you would like to hear more information on the subject or if you still have more questions please create a new thread.
Again, if you are annoyed with the notification being displayed, then disable the notification.
How to disable/enable Startup and Quick Scans within the Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?page=content&id=TECH103044
In case you have applied a policy for receiving Notification, then you would surely receive Notification for ALL Risks.
At this point there is no way you could just exclude 1 type of Threat from receiving Notification.
However, you could exclude Tracking Cookies from being scanned, which would then not be detected as a Threat.
OR create a Centralized Risk Exception.
How to add a Centralized Exception for a detection that is not included with Known Security Risk Exceptions in the Centralized Exception Policy.
http://www.symantec.com/docs/TECH106170
Hope this may help you explaining the same!!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Do I have a security risk
Do I have a security risk here?
If it is detecting and taking the action, then no.
Where do those things come from?
These are basically to track the activity of web browsing.
Why is only the active scan detecting these things and not the Virus and Spyware Protection?
Since the active scan will scan the cookies folder after new definitions come in, whereas AP will not scan unless the file is accessed.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thanks for that great answer.
Thanks for that great answer. The Video is really good to understand what's going on!